RE: [Declude.Virus] [OT:] SoBig.E
I use Declude so that I can send an explanatory e-mail to the sender who can then zip legitimate attachments and resend them

George

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt
Sent: Tuesday, August 19, 2003 10:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] [OT:] SoBig.E

I don't do it at the firewall level, but I do HOLD them using Declude Virus.

I guess my thoughts on this are, if you don't *have* to let them into your network to begin with, then why do so?

Sharyn

We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) www.cruzanrums.com

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] SoBig.F
Hi Scott:

I used McAfee and it started blocking it since 8:31 EDT (I pull in their daily updates hourly).

08/19/2003 08:31:18 Q1893028b01baf614 Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=details.pif [11] I
08/19/2003 08:31:18 Q1893028b01baf614 Found a bogus .pif file
08/19/2003 08:31:18 Q1893028b01baf614 File(s) are INFECTED [ the W32/[EMAIL PROTECTED] virus !!!: 13]
08/19/2003 08:31:18 Q1893028b01baf614 Scanned: CONTAINS A VIRUS [MIME: 4 76174]
08/19/2003 08:31:18 Q1893028b01baf614 From: [Forged] To: [EMAIL PROTECTED] [incoming from x.x.x.x]
08/19/2003 08:31:18 Q1893028b01baf614 Subject: DELIVERY FAILURE: User name ([EMAIL PROTECTED]) not listed in DominoDirectory

Best Regards
Andy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Hahn
Sent: Tuesday, August 19, 2003 09:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] [OT:] SoBig.E

These are flowing in by the hundreds. I have banext turned on but the .eml that goes back to the sender gets held up.

1) Can I block the sending IP if I know it?
2) How can I analyze exactly how many are flowing in?
3) Does anyone else use mcafee? I do not see it updated in their dats?

Thanks
Scott Hahn

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 9:25 AM
Subject: Re: [Declude.Virus] [OT:] SoBig.E

> Holy cow.. Anyone else notice a MAJOR influx of infected messages with the SoBig.E virus? We just received about 10 messages in a matter of 5 minutes (which is a lot since we average about 3000 messages a day)..

It's actually Sobig.F, a new variant that was just released today.

-Scott
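One way to answer the "how many are flowing in" question from log lines of the shape quoted above, as an added example (not code from the list or from Declude): it groups lines by spool ID and counts detections per hour, per sending IP, and per layer that caught them. The sample log is constructed, and reading "Found a bogus .ext file" as the banned-extension hit is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the line shape quoted in the message above. Spool IDs,
# the virus name and the documentation-range IPs are made up for illustration.
SAMPLE_LOG = """\
08/19/2003 08:31:18 Q1111aaaa0001 Scanner 1: Virus= the W32/Example.a@MM virus !!! Attachment=details.pif [11] I
08/19/2003 08:31:18 Q1111aaaa0001 Found a bogus .pif file
08/19/2003 08:31:18 Q1111aaaa0001 File(s) are INFECTED [ the W32/Example.a@MM virus !!!: 13]
08/19/2003 08:31:18 Q1111aaaa0001 Scanned: CONTAINS A VIRUS [MIME: 4 76174]
08/19/2003 08:31:18 Q1111aaaa0001 From: [Forged] To: user@example.com [incoming from 192.0.2.10]
08/19/2003 08:47:02 Q2222bbbb0002 Found a bogus .pif file
08/19/2003 08:47:02 Q2222bbbb0002 From: [Forged] To: user@example.com [incoming from 192.0.2.10]
08/19/2003 09:05:40 Q3333cccc0003 Scanner 1: Virus= the W32/Example.a@MM virus !!! Attachment=movie.pif [11] I
08/19/2003 09:05:40 Q3333cccc0003 From: [Forged] To: other@example.com [incoming from 198.51.100.7]
08/19/2003 09:06:11 Q4444dddd0004 From: someone@example.com To: user@example.com [incoming from 203.0.113.5]
"""

# "MM/DD/YYYY HH:MM:SS <spool id> <text>"
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}) (\d{2}):\d{2}:\d{2} (\S+) (.*)$")
SCANNER_RE = re.compile(
    r"^Scanner \d+: Virus=\s*(?:the\s+)?(.+?)\s+virus !!!\s+Attachment=(\S+)"
)
# Assumption: this line is what a banned-extension hit looks like in the log.
BANNED_RE = re.compile(r"^Found a bogus (\.\w+) file")
SOURCE_RE = re.compile(r"\[incoming from ([^\]]+)\]")


def parse_messages(log_text):
    """Fold the per-line log into one record per spool ID (one per message)."""
    messages = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        date, hour, spool, rest = m.groups()
        rec = messages.setdefault(spool, {
            "hour": f"{date} {hour}:00",
            "virus": None,
            "attachment": None,
            "banned_ext": None,
            "source": None,
        })
        scanner = SCANNER_RE.match(rest)
        if scanner:
            rec["virus"], rec["attachment"] = scanner.groups()
        banned = BANNED_RE.match(rest)
        if banned:
            rec["banned_ext"] = banned.group(1).lower()
        source = SOURCE_RE.search(rest)
        if source:
            rec["source"] = source.group(1)
    return messages


def summarize(messages):
    """Count blocked messages per hour, per sending IP and per catching layer."""
    per_hour, per_source, per_layer = Counter(), Counter(), Counter()
    for rec in messages.values():
        if rec["virus"]:
            layer = "scanner"            # a scanner named the virus
        elif rec["banned_ext"]:
            layer = "banned_ext_only"    # only the extension rule fired
        else:
            continue                     # nothing was detected in this message
        per_layer[layer] += 1
        per_hour[rec["hour"]] += 1
        per_source[rec["source"] or "unknown"] += 1
    return {
        "total": sum(per_layer.values()),
        "per_hour": dict(per_hour),
        "per_source": dict(per_source),
        "per_layer": dict(per_layer),
    }


if __name__ == "__main__":
    report = summarize(parse_messages(SAMPLE_LOG))
    for section, value in report.items():
        print(section, value)
```

A rising `banned_ext_only` count is the signal that the scanner's definitions are lagging behind what the extension rule is stopping.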
[Declude.Virus] Vulnerability messages
I have the following in my vulnerability.eml file:

SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
ONLYSENDIFREMOTESENDER
SKIPIFRECIP [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: %ALLRECIPS%,[EMAIL PROTECTED]
Subject: We blocked an e-mail sent to you!

The notice is still being sent to [EMAIL PROTECTED]

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
[Declude.Virus] SoBig F
FYI: Mcafee's Extra Dat is not catching all instances of this virus... However, it is still being dropped by the banned pif extension.

Darrell
Re: [Declude.Virus] Vulnerability messages
> I have the following in my vulnerability.eml file:
>
> SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
> ONLYSENDIFREMOTESENDER
> SKIPIFRECIP [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> To: %ALLRECIPS%,[EMAIL PROTECTED]
> Subject: We blocked an e-mail sent to you!
>
> The notice is still being sent to [EMAIL PROTECTED]

Is there just one space or tab in there? Have you double-checked to make sure that the E-mail address is correct (no typos)?

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
RE: [Declude.Virus] SoBig.F?
Are you seeing this as a pif inside an attached .eml? Although not caught by anything, I had a very strange undeliverable mail message in my box today that fit this criteria. The Sender and rDNS were both blank in the message.

Received: from is3.auto-trol.com [143.198.15.20] by staffingtech.com with ESMTP (SMTPD32-7.15) id A35EB800B6; Tue, 19 Aug 2003 09:17:18 -0400
Received: by is3.auto-trol.com with Internet Mail Service (5.5.2653.19) id QZFVHFY3; Tue, 19 Aug 2003 07:17:17 -0600
Message-ID: [EMAIL PROTECTED]
From: System Administrator [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Undeliverable: Re: That movie
Date: Tue, 19 Aug 2003 07:17:16 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
Content-Type: multipart/mixed; boundary=_=_NextPart_000_01C36654.363E1673
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 143.198.15.20 with no reverse DNS entry.
X-Declude-Sender: [143.198.15.20]
X-Declude-Spoolname: D235e00b800b6d9fd.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Declude: Version 1.75i2; D235e00b800b6d9fd.SMD
X-Declude: Failed IPNOTINMX, REVDNS [5]
X-Note: This E-mail was sent from [No Reverse DNS] ([143.198.15.20]).
X-Countries: UNITED STATES-destination
Return-Path:
X-Note: - Total spam weight of this E-mail is 5.
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 300613514

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt
Sent: Tuesday, August 19, 2003 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] SoBig.F

Hi Scott:

I used McAfee and it started blocking it since 8:31 EDT (I pull in their daily updates hourly).

08/19/2003 08:31:18 Q1893028b01baf614 Scanner 1: Virus= the W32/[EMAIL PROTECTED] virus !!! Attachment=details.pif [11] I
08/19/2003 08:31:18 Q1893028b01baf614 Found a bogus .pif file
08/19/2003 08:31:18 Q1893028b01baf614 File(s) are INFECTED [ the W32/[EMAIL PROTECTED] virus !!!: 13]
08/19/2003 08:31:18 Q1893028b01baf614 Scanned: CONTAINS A VIRUS [MIME: 4 76174]
08/19/2003 08:31:18 Q1893028b01baf614 From: [Forged] To: [EMAIL PROTECTED] [incoming from x.x.x.x]
08/19/2003 08:31:18 Q1893028b01baf614 Subject: DELIVERY FAILURE: User name ([EMAIL PROTECTED]) not listed in DominoDirectory

Best Regards
Andy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Hahn
Sent: Tuesday, August 19, 2003 09:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] [OT:] SoBig.E

These are flowing in by the hundreds. I have banext turned on but the .eml that goes back to the sender gets held up.

1) Can I block the sending IP if I know it?
2) How can I analyze exactly how many are flowing in?
3) Does anyone else use mcafee? I do not see it updated in their dats?

Thanks
Scott Hahn

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 9:25 AM
Subject: Re: [Declude.Virus] [OT:] SoBig.E

> Holy cow.. Anyone else notice a MAJOR influx of infected messages with the SoBig.E virus? We just received about 10 messages in a matter of 5 minutes (which is a lot since we average about 3000 messages a day)..

It's actually Sobig.F, a new variant that was just released today.

-Scott
RE: [Declude.Virus] SoBig.F
Hello Andy,

> I used McAfee and it started blocking it since 8:31 EDT (I pull in their daily updates hourly).

How do you pull the updates hourly? I use the Instant Updater but it looks that it does the updates just once per day.

Adolfo Justiniano
Santa Cruz BBS
e-mail: [EMAIL PROTECTED]
http://www.scbbs.net

---
[This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus system]
RE: [Declude.Virus] SoBig F
Hm - I've seen a few messages go through that were generated by the virus - but that did NOT include any attachment. They were scanned and cleaned by an outbound virus scanner on the other side.

I have yet to actually see any infected virus making it to my inbox - yet I've seen hundreds being rejected.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Tuesday, August 19, 2003 12:23 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] SoBig F

FYI: Mcafee's Extra Dat is not catching all instances of this virus... However, it is still being dropped by the banned pif extension.

Darrell
RE: [Declude.Virus] How to Get McAfee Daily Updates
I created a batch file that runs hourly - it usually finds updated files several times a day. (The curl.exe is a shareware utility to automate HTTP downloads).

rem Force-kill any curl process still running from an earlier run
kill curl -f
rem Download only if the server copy is newer than the local SDATDAILY.EXE (-z), keeping its timestamp (-R)
curl http://download.nai.com/products/mcafee-avert/daily_dats/SDATDAILY.EXE -o SDATDAILYrun.EXE -s -S -R -z SDATDAILY.EXE
rem Nothing newer was downloaded: stop here
if not exist SDATDAILYrun.EXE goto :EOF
SDATDAILYrun.EXE /silent
copy SDATDAILYrun.EXE SDATDAILY.EXE
erase SDATDAILYrun.EXE

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adolfo Justiniano
Sent: Tuesday, August 19, 2003 12:48 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] SoBig.F

Hello Andy,

> I used McAfee and it started blocking it since 8:31 EDT (I pull in their daily updates hourly).

How do you pull the updates hourly? I use the Instant Updater but it looks that it does the updates just once per day.

Adolfo Justiniano
Santa Cruz BBS
e-mail: [EMAIL PROTECTED]
http://www.scbbs.net
Re: [Declude.Virus] SoBig F
> FYI: Mcafee's Extra Dat is not catching all instances of this virus... However, it is still being dropped by the banned pif extension.

Wow! I've noted over 200 hits of this virus today so far. sheesh.

Paul - Glad I have Fprot checking for updates every 2 hours to be safe.
[Declude.Virus] Turing off .pif notifications? (sobig.F)
I have BANEXT active, and as a courtesy I have a notification through Declude going out in case someone is legitimately trying to send an .exe file. Is there any way to turn this off for the .pif extension?

The SOBIG.F Virus is sending this to all my users with fake e-mail addresses and then the notice is going out to either the innocent or to bad addresses - this is generating more useless e-mail traffic. I'd like to keep the notify on the .exe (for now) but is there a way to turn it off for just the .pif?

Thanks - Marc
RE: [Declude.Virus] Vulnerability messages
> Is there just one space or tab in there? Have you double-checked to make sure that the E-mail address is correct (no typos)?

Hanging Head in Shame

2 Tabs.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
[Declude.Virus] Sobig.F
F-Prot is catching Sobig.F, but McAfee is still not picking them up. Looks like a reversal of last week's problem with F-Prot not catching the virus and McAfee catching it. I'm glad I'm running dual scanners.
Re: [Declude.Virus] Turing off .pif notifications? (sobig.F)
> I have BANEXT active, and as a courtesy I have a notification through Declude going out in case someone is legitimately trying to send an .exe file. Is there any way to turn this off for the .pif extension?
>
> The SOBIG.F Virus is sending this to all my users with fake e-mail addresses and then the notice is going out to either the innocent or to bad addresses - this is generating more useless e-mail traffic. I'd like to keep the notify on the .exe (for now) but is there a way to turn it off for just the .pif?

No, there is not a way to turn them off for just one specific extension.

-Scott
RE: [Declude.Virus] OT Virus scanner for...
No computer on any network I support will be without its own AV software. The reason is, just because you can scan another workstation's c drive from across the network does not mean that it is clean. Plus, RTFP does not work well that way.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Danny Klopfer
Sent: Tuesday, August 19, 2003 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] OT Virus scanner for...

John,

Do you run this from one server and scan other servers across the network? I'm assuming if you have a 10 user pack you could install on 1 computer and scan 9 others?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists)
Sent: Thursday, August 14, 2003 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] OT Virus scanner for...

I use Symantec (Norton) Corporate 8.1.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Danny Klopfer
Sent: Thursday, August 14, 2003 11:43 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] OT Virus scanner for...

I'm curious as to what online scanner everyone is using for Windows 2000 Advanced Server? I'm using f-prot for email but want to add a scanner for the system itself.

TIA
Re: [Declude.Virus] Sobig.F
McAfee is catching it fine here. Make sure your virus definitions are at least at 4.0.4287.

Bill

- Original Message -
From: Bill Newberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 10:29 AM
Subject: [Declude.Virus] Sobig.F

F-Prot is catching Sobig.F, but McAfee is still not picking them up. Looks like a reversal of last week's problem with F-Prot not catching the virus and McAfee catching it. I'm glad I'm running dual scanners.
RE: [Declude.Virus] Turing off .pif notifications? (sobig.F)
We're getting pounded today also with pif's and scr's from SoBig...

How much of a risk would it be to temporarily rem this setting in the BanExt area, allow Declude to filter and quarantine the message and then use the SKIP option to not send out a message to sender ???

Sincerely,
Randy Armbrecht
Global Web Solutions®, Inc.
804-346-5300 ext. 1
877-800-GLOBAL (4562) ext. 1
http://globalweb.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, August 19, 2003 1:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Turing off .pif notifications? (sobig.F)

> I have BANEXT active, and as a courtesy I have a notification through Declude going out in case someone is legitimately trying to send an .exe file. Is there any way to turn this off for the .pif extension?
>
> The SOBIG.F Virus is sending this to all my users with fake e-mail addresses and then the notice is going out to either the innocent or to bad addresses - this is generating more useless e-mail traffic. I'd like to keep the notify on the .exe (for now) but is there a way to turn it off for just the .pif?

No, there is not a way to turn them off for just one specific extension.

-Scott

---
[This msg Virus Scanned by GlobalWeb.net]
RE: [Declude.Virus] Sobig.F
McAfee was blocking Sobig.f as of 8:31 AM Eastern Time on my server according to my Declude Log files before I read the first reports on this list. Are your virus signatures up to date/hour?

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Newberg
Sent: Tuesday, August 19, 2003 01:29 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig.F

F-Prot is catching Sobig.F, but McAfee is still not picking them up. Looks like a reversal of last week's problem with F-Prot not catching the virus and McAfee catching it. I'm glad I'm running dual scanners.
RE: [Declude.Virus] Turing off .pif notifications? (sobig.F)
Big Huge risk. If it is being caught by banned extension, the AV scanner is not catching it.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of GlobalWeb.net Webmaster
Sent: Tuesday, August 19, 2003 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Turing off .pif notifications? (sobig.F)

We're getting pounded today also with pif's and scr's from SoBig...

How much of a risk would it be to temporarily rem this setting in the BanExt area, allow Declude to filter and quarantine the message and then use the SKIP option to not send out a message to sender ???

Sincerely,
Randy Armbrecht
Global Web Solutions®, Inc.
804-346-5300 ext. 1
877-800-GLOBAL (4562) ext. 1
http://globalweb.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, August 19, 2003 1:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Turing off .pif notifications? (sobig.F)

> I have BANEXT active, and as a courtesy I have a notification through Declude going out in case someone is legitimately trying to send an .exe file. Is there any way to turn this off for the .pif extension?
>
> The SOBIG.F Virus is sending this to all my users with fake e-mail addresses and then the notice is going out to either the innocent or to bad addresses - this is generating more useless e-mail traffic. I'd like to keep the notify on the .exe (for now) but is there a way to turn it off for just the .pif?

No, there is not a way to turn them off for just one specific extension.

-Scott
[Declude.Virus] Sobig.F [OT]
By the looks of things, this virus is going to be worse than the Klez. It's amazing the number of e-mail received.
RE: [Declude.Virus] Sobig.F [OT]
I have to concur on this, we are seeing our traffic levels increased by a factor of 7 due to this virus..

Darrell

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Tuesday, August 19, 2003 3:25 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig.F [OT]

By the looks of things, this virus is going to be worse than the Klez. It's amazing the number of e-mail received.
RE: [Declude.Virus] Turing off .pif notifications? (sobig.F)
But if the AV scanner is catching it (FPROT updates every 2 hours), how much of an increase in system resources will be utilized in actually performing scanning... this is the question I was weighing...

Sincerely,
Randy Armbrecht
Global Web Solutions®, Inc.
804-346-5300 ext. 1
877-800-GLOBAL (4562) ext. 1
http://globalweb.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, August 19, 2003 2:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Turing off .pif notifications? (sobig.F)

Big Huge risk. If it is being caught by banned extension, the AV scanner is not catching it.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of GlobalWeb.net Webmaster
Sent: Tuesday, August 19, 2003 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Turing off .pif notifications? (sobig.F)

We're getting pounded today also with pif's and scr's from SoBig...

How much of a risk would it be to temporarily rem this setting in the BanExt area, allow Declude to filter and quarantine the message and then use the SKIP option to not send out a message to sender ???

Sincerely,
Randy Armbrecht
Global Web Solutions®, Inc.
804-346-5300 ext. 1
877-800-GLOBAL (4562) ext. 1
http://globalweb.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, August 19, 2003 1:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Turing off .pif notifications? (sobig.F)

> I have BANEXT active, and as a courtesy I have a notification through Declude going out in case someone is legitimately trying to send an .exe file. Is there any way to turn this off for the .pif extension?
>
> The SOBIG.F Virus is sending this to all my users with fake e-mail addresses and then the notice is going out to either the innocent or to bad addresses - this is generating more useless e-mail traffic. I'd like to keep the notify on the .exe (for now) but is there a way to turn it off for just the .pif?

No, there is not a way to turn them off for just one specific extension.

-Scott
RE: [Declude.Virus] Sobig.F [OT]
And now I've noticed that there are more and more coming from DSL lines and the private sector instead of universities (as a majority of the first infections on my end were coming from)..

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Tuesday, August 19, 2003 2:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig.F [OT]

I have to concur on this, we are seeing our traffic levels increased by a factor of 7 due to this virus..

Darrell

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster
Sent: Tuesday, August 19, 2003 3:25 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Sobig.F [OT]

By the looks of things, this virus is going to be worse than the Klez. It's amazing the number of e-mail received.
[Declude.Virus] Virtualsis.com
Will the admin for this domain contact me off list ASAP. Your notification configuration needs adjusting. You are sending notices to forged addresses.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
[Declude.Virus] sobig.f rules added to Message Sniffer
For those of you evaluating Message Sniffer, we highly recommend that you download the latest rulebase file from the web site. We have added a collection of rules to capture viable and non-viable forms of the sobig.f worm.

You can get this file (sniffer2.snf) from the Try-It page on our site: http://www.sortmonster.com/MessageSniffer/Try-It.html

Hope this helps,
_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster, www.SortMonster.com
VOX: 703-406-2016
FAX: 703-406-2017
Re: [Declude.Virus] Sobig.F
Can anyone share the McAfee definition files for this? Ours is currently at 4286 and I can't get in manually or automatically to download the current definition files.

Thanks,
Dan

----- Original Message -----
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 1:42 PM
Subject: Re: [Declude.Virus] Sobig.F

McAfee is catching it fine here. Make sure your virus definitions are at least at 4.0.4287.

Bill

----- Original Message -----
From: Bill Newberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 10:29 AM
Subject: [Declude.Virus] Sobig.F

F-Prot is catching Sobig.F, but McAfee is still not picking them up. Looks like a reversal of last week's problem with F-Prot not catching the virus and McAfee catching it. I'm glad I'm running dual scanners.

This E-mail is scanned and free from viruses. www.nexustechgroup.com
Re: [Declude.Virus] Sobig.F
Go to www.nai.com and select the Downloads link. Grab the latest engine update (SuperDat File (Engine + DAT)) which will upgrade your engine to 4.2.60 and the virus definitions to 4.0.4287.

Bill

----- Original Message -----
From: Dan Geiser [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 2:12 PM
Subject: Re: [Declude.Virus] Sobig.F

Can anyone share the McAfee definition files for this? Ours is currently at 4286 and I can't get in manually or automatically to download the current definition files.

Thanks,
Dan

----- Original Message -----
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 1:42 PM
Subject: Re: [Declude.Virus] Sobig.F

McAfee is catching it fine here. Make sure your virus definitions are at least at 4.0.4287.

Bill

----- Original Message -----
From: Bill Newberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 10:29 AM
Subject: [Declude.Virus] Sobig.F

F-Prot is catching Sobig.F, but McAfee is still not picking them up. Looks like a reversal of last week's problem with F-Prot not catching the virus and McAfee catching it. I'm glad I'm running dual scanners.
Re: [Declude.Virus] Sobig.F
Forget it. I finally got through to McAfee's web site. Sorry for bothering y'all!!!

----- Original Message -----
From: Dan Geiser [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 5:12 PM
Subject: Re: [Declude.Virus] Sobig.F

Can anyone share the McAfee definition files for this? Ours is currently at 4286 and I can't get in manually or automatically to download the current definition files.

Thanks,
Dan

----- Original Message -----
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 1:42 PM
Subject: Re: [Declude.Virus] Sobig.F

McAfee is catching it fine here. Make sure your virus definitions are at least at 4.0.4287.

Bill

----- Original Message -----
From: Bill Newberg [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 10:29 AM
Subject: [Declude.Virus] Sobig.F

F-Prot is catching Sobig.F, but McAfee is still not picking them up. Looks like a reversal of last week's problem with F-Prot not catching the virus and McAfee catching it. I'm glad I'm running dual scanners.
[Declude.Virus] Sobig - Easy to Detect?
Hi,

Is it just me, or is Sobig.F always adding the fake header:

X-MailScanner: Found to be clean

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
Re: [Declude.Virus] Sobig - Easy to Detect?
As far as I can tell yes.

Best regards,
Eje Gustafsson mailto:[EMAIL PROTECTED]
The Family Entertainment Network http://www.fament.com
Phone : 620-231- Fax : 620-231-4066
- Your Full Time Professionals -
Mikrotik OEM dealer - Online Store http://www.fament.net/

AS Hi,
AS Is it just me, or is Sobig.F always adding the fake header:
AS X-MailScanner: Found to be clean
AS Best Regards
AS Andy Schmidt
AS Phone: +1 201 934-3414 x20 (Business)
AS Fax:+1 201 934-9206
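Added example (not written by any poster in this thread, and not Declude or MailScanner code): the header discussed above is supplied by whoever sends the message, so a filter can treat it as a claim to check against the attachments rather than as a scan verdict. The function names, the decision strings and both sample messages are constructed for illustration; the header text and the .pif/.scr extensions are the ones named in the thread.

```python
from email import message_from_string

RISKY_EXTENSIONS = (".pif", ".scr")   # extensions named in this thread
CLAIM_HEADER = "X-MailScanner"        # header quoted in the question above


def attachment_names(msg):
    """Lower-cased filenames of every MIME part that declares one."""
    return [p.get_filename().strip().lower()
            for p in msg.walk() if p.get_filename()]


def classify(raw):
    """Return a handling decision; the header never exempts a message."""
    msg = message_from_string(raw)
    claims_clean = "found to be clean" in str(msg.get(CLAIM_HEADER, "")).lower()
    risky = [n for n in attachment_names(msg) if n.endswith(RISKY_EXTENSIONS)]
    if claims_clean and risky:
        return "hold: clean claim contradicts attachment " + risky[0]
    if risky:
        return "hold: banned extension " + risky[0]
    if claims_clean:
        return "scan: header is sender-supplied, not evidence"
    return "scan"


# Constructed sample: the header plus a placeholder .pif part (no payload).
SAMPLE_WITH_PIF = "\n".join([
    "From: forged@example.invalid",
    "Subject: constructed sample",
    "X-MailScanner: Found to be clean",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "constructed sample body",
    "--b1",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="details.pif"',
    "",
    "(placeholder, not a real attachment)",
    "--b1--",
    "",
])

# Constructed sample: the same header on a plain-text message.
SAMPLE_TEXT_ONLY = ("From: someone@example.invalid\n"
                    "X-MailScanner: Found to be clean\n\nhello\n")

if __name__ == "__main__":
    for label, raw in (("pif", SAMPLE_WITH_PIF), ("text", SAMPLE_TEXT_ONLY)):
        print(label, "->", classify(raw))
```

A message that carries the header alone still goes to the scanner; only the combination with a banned extension changes the decision, and only toward holding it.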
RE: [Declude.Virus] Sobig.f
I just checked - we caught 4,700 occurrences of this virus so far since this morning at 8:31 AM EDT. This is by a huge margin the most aggressive virus that I've ever observed.

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206