Ok, this calls for a white hat virus creator.
A virus that will infect all these unpatched computers, and the only thing
it does is create a big bold red popup every 15 minutes that says Patch your
computer, you dummy.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
K, What need to go into the config?
This message is intended only for the named recipients and may contain
information that is confidential, privileged or exempt from disclosure under
applicable law.
Any dissemination, use, or copying of this message is strictly prohibited
without the
I'll buy that virus!
Greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
(Lists)
Sent: Tuesday, August 26, 2003 4:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig, the next wave?
Ok, this calls for a white hat virus creator.
Okay, I'll donate some funds.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL
A virus that will infect all these unpatched computers, and the only thing
it does is create a big bold red popup every 15 minutes that says Patch
your
computer, you dummy.
I can hear the tech calls now.
I have this big window calling me a dummy. what am I supposed to do?
Easiest way is to rename the appropriate .eml message to _eml.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Security Department
Sent: Tuesday,
People a typically unaware that their machine is infected - because it
continues to function perfectly.
That is very true.
We infected a computer in our virus lab with Sobig.F, and you couldn't tell
anything unusual was happening. The file didn't seem to do anything when
it was run (so the
I like that idea very much...
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 1:56 PM
Subject: RE: [Declude.Virus] Sobig, the next wave?
Ok, this calls for a white hat virus creator.
A virus that will infect
Where do i send my donation to get this going LOL! let's do it.
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003 3:02 PM
Subject: RE: [Declude.Virus] Sobig, the next wave?
Okay, I'll donate some funds.
Best Regards
Andy
Not exactly a new idea ... :)
http://www.symantec.com/avcenter/venc/data/w32.welchia.worm.html
At 07:54 PM 8/26/2003 -0700, you wrote:
I like that idea very much...
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2003
Hahaha.. I have a list of about 20+ computer IPs that we can start with..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Webmaster Oilfield
Directory
Sent: Tuesday, August 26, 2003 9:54 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Sobig, the
Is there any way to turn off email notifications to the
sender and recipient?
Thanks,
Rick
Rick OConnor
Blu Sky Web Solutions :: professional
website design, hosting, and application design.
www.bluskywebsolutions.com
That's true, also most people don't know how they have to patch their
computer, or even what all this stuff means. They are not stupid, but are
unknown. That's where we come in. Advice and help those people is our job.
But too much is too much.
So what I do is create a message with a removal/fix
This has been answered, what, maybe 5
times in the last week?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Rick O'Connor
Sent: Tuesday,
Title: Message
Hi,
I am trying toget the batch log analyser as per
(http://www.mail-archive.com/[EMAIL PROTECTED]/msg01377.html)
however I keep on getting the error :
Invalid
number. Numeric constants are either decimal(17), hexdecimal (0x11), or octal
(021)
which appears to come from
Is there any way to turn off email notifications to the sender and recipient?
You can delete the \IMail\Declude\sender.eml and
\IMail\Declude\otherpostmaster.eml files.
Most likely, though, you're just having a problem with Sobig.F -- if that's
the case, you can download the latest versions of
As postmaster I am getting skads of emails from Declude about the
mailto:W32/[EMAIL PROTECTED]W32/[EMAIL PROTECTED] virus. Is this one of the forging
ones that I could add
a line to my eml files to avoid getting all these emails?
9de64af.gif
inline: 9de64af.gif
Regards a major increase in Sobig, this is what happened here.
John
Log File Summary -
Log NameVirus Count Total Scanned
vir0801.log 2 2
vir0802.log 5 5
vir0803.log 1
vir0819.log 437 437
vir0820.log 2,939 2,939
vir0821.log 3,937 3,937
vir0822.log 2,755 2,755
vir0823.log 275 275
vir0824.log 91 91
vir0825.log 8,525
vir0819.log 437 437
vir0820.log 2,939 2,939
vir0821.log 3,937 3,937
vir0822.log 2,755 2,755
vir0823.log 275 275
vir0824.log 91 91
vir0825.log 8,525
I had a much more drastic increase since Saturday - but it turned out to be
a secondary problem where a virus was sent to [EMAIL PROTECTED] - triggering
Imail's list server to respond with invalid command - that email was sent
to the apparent sender - which unfortunately was some other provider's
You can download it here http://www.csonline.net/imailstuff/viruslog.htm
There is also a batch file that does a similar thing but I can't get it
work (see post below). This is one of the tools available in the tools
section on declude.com http://www.declude.com/tools/index.html
Pat
I don't think that's a dumb question 'cuz I would like to know that too..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt
Sent: Wednesday, August 27, 2003 8:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig, the next wave?
As postmaster I am getting skads of emails from Declude about the
mailto:W32/[EMAIL PROTECTED]W32/[EMAIL PROTECTED] virus. Is this one of the
forging ones that I could add
a line to my eml files to avoid getting all these emails?
We recently started seeing those, and it does appear to be a
Is there a similar program that reports on SPAM mail (using I-Mail's
included SPAM filter, not Junkmail)? I realize this is more of an Ipswitch
question but I find there are much more informed folks over here.
Thanks,
Rodney
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
CFMAILPARAM NAME=Reply-To VALUE=#form.to#
CFMAILPARAM NAME=Message-ID VALUE=#CreateUUID()[EMAIL PROTECTED]
The Message ID is the one that usually triggered my tests. I included these
to variables and have not had any trouble since.
Thanks,
Kris McElroy
[EMAIL PROTECTED]
Internet Systems
You can download it here http://www.csonline.net/imailstuff/viruslog.htm
It *is* my day for dumb questions, or perhaps it's a tribute to Declude
virus that I haven't had to touch the config file since the day I
installed it. After changing the loglevel to MID to use this tool, does
anything need
What log anylizer gave you these stats?
Greg Hedgepath
[EMAIL PROTECTED]
http://www.CFHosting.net/
ICQ#: 290276 | AIM: colFu
Yahoo: cfhosting
msn: [EMAIL PROTECTED]
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 9:21 AM
You need to restart the SMTP server to let the changes take effect
-Original Message-
From: Sharyn Schmidt [mailto:[EMAIL PROTECTED]
Sent: 27 August 2003 15:22
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Sobig, the next wave?
You can download it here
Hmmm.. I ran it and got these results:
Virus Log Analyzer 1.2 Report Date: 8/27/2003 10:48:57 AM
Source Files: ***
vir0820.log
*
Scan Summary
I think that is it. Note: I have Log_Ok None in the config. So the
total scanned only shows caught emails and total clean is zero. But I
prefer the smaller virus log files.
John
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt
Sent:
I didn't, just changed the log level from LOW to MID. I just got my first
five viruses after changing it and they showed up in the output log.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Pat Hastings
Sent: Wednesday, August 27, 2003 10:30 AM
To:
did you set your log level to MID?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jeff Maze -
Hostmaster
Sent: Wednesday, August 27, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Virus Log Analyzer..
Hmmm.. I ran it and got
Hi Tyler,
update to 2.22:
http://www.csonline.net/imailstuff/VirusLogAnalyzer222.exe
although this one is still not working for me either
viruscount ...nothing.
still waiting fro suggestions.
Fred.
- Original Message -
From: Tyler Jensen [EMAIL PROTECTED]
To: [EMAIL
From the report format I believe you downloaded this from
http://www.csonline.net/imailstuff/viruslog.htm
I belive the issue is your version. The report states Version 1.2. it should
be version 2.2.2
Try downloading version 2.2.2.
http://www.csonline.net/imailstuff/viruslog.htm (right above the
35 matches
Mail list logo