Title: MyDoom going to non existant users
Over 1/2 the MyDoom emails we are receiving are being sent to users that don't even exist, as in, [EMAIL PROTECTED]
Is anyone else seeing this and is there any way to stop these emails before all the scanning is done on them?
Sharyn
Title: Message
I just ran my loganalyzer and yesterday we caught 1566 infected
messages and so this am we are at 1400+.
Scott, you have given us an awesome tool togive us the ability to
stop things cold.I noticed my banext messagesyesterday picking up (a
usual sign of a new virus) and
Well, yes! If I open a zip and catch a virus, woe on me. I'm supposed to
be experienced enough not to do that. Plus, my personal machine is
definitely as up to date as possible on virus defs.
Rob
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick
Title: Message
If they
don't exist how are you receiving them? Do you have nobody alias?
I've always wondered
that myself.
Perhaps you want to deactivate it for the duration
of this virus frenzy..
I will deactivate it permanently if I can find the freaking
thing.
Thanks!
Title: Message
If they
don't exist how are you receiving them? Do you have nobody alias?
OkFolks, color me stupid but wouldn't the nobody
alias be located in the "Alias"
folder?
If this is the case, thenthe mysterious nobody is
non existant and I still don't have a clue why these emails
Hi,
I'm running the 1.77 beta and over the past month I'm not sure this feature
is working correctly. With this beta it's on by default but it didn't seem
to be working so I added
AUTOFORGE ON
Is the new Mydoom listed and is there a way to find what other virus the
AUTOFORGE are listing? Is
Title: Message
Are you running as a gateway?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt
Sent: Tuesday,
January 27, 2004 6:45 AM
To: [EMAIL PROTECTED]
FYI, 75% of desktops will not have the correct updated definitions for this
for at least a few hours after the outbreak occurs, do to the nature of
definition updates and propagation thereof.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL
Hello,
we are using F-Prot and AVG, but Grisoft changed the licensing, I think the
AVG Network Edition for 2 Servers should be ok. it costs 75$/, including 2
years of updates. That's almost as low as F-Prot ;-)
Alex
-Original Message-
From: Charles Frolick [mailto:[EMAIL PROTECTED]
Title: Message
Ditto. J
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Hickey
Sent: Tuesday,
January 27, 2004 6:01 AM
To: [EMAIL PROTECTED]
Subject: Re:
Hello,
is there a tool to check mail for Outlook Vulnerabilities?
Not Declude, a command line tool that tells me the line or something like
that.
We are getting many of them, from small, big an bigger companies.
Or anything I can see/do?
Alex
---
[This E-mail was scanned for viruses by
To all that are having this problem. Please check the Q file to see if there
is at least one valid user listed.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Henry Isgett
To all that are having this problem. Please check the Q file to see if
there is at least one valid user listed.
We are required by federal law, due to the nature of our business, to
keep copies of all email received so we use the copy all function in
IMAIL, sending every email received to a
Scott:
I am confused as
to how add this to JM.
Lets say we want
to send a copy of the email to a certain mailbox and also CC the spam address
for the domain.
Rule1 mailbox spam
Rule1 COPYTO[EMAIL PROTECTED]
can these be done
with one rule or is mailbox a final action?
Regards,
Kami
I am confused as to how add this to JM.
Lets say we want to send a copy of the email to a certain mailbox and also
CC the spam address for the domain.
Rule1mailbox spam
Rule1COPYTO mailto:[EMAIL PROTECTED][EMAIL PROTECTED]
can these be done with one rule or is mailbox a final action?
Your secondary MX (gateway) is not user aware.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Henry Isgett
Sent: Tuesday, January 27, 2004 12:26 PM
To: [EMAIL PROTECTED]
Hello,
Can someone share there SCANFILE line out of the virus.cfg file
with me for Sophos.
I have been using the following in my virus.cfg
SCANFILE1 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP
/NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt
VIRUSCODE1 13
Most system notifications come by way of the null SMTP sender, , while
having a valid address in the from field. If I'm not mistaken, Declude
Virus can't be configured this way.
Correct (IMail's imail1.exe process, which is used to send the
notifications, does not allow E-mail to be sent from
Easier, do not send the notifications out at all for viruses like this.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, January 27, 2004 2:53 PM
To:
I was afraid of that...
Would it work to have a Reply-To address of instead? Assuming of
course that Declude Virus supports Reply-To and mailer daemon's would
use the Reply-To address.
John, I'm considering this, however I have not yet come to a conclusion
about what to do here. Some
Would it work to have a Reply-To address of instead? Assuming of
course that Declude Virus supports Reply-To and mailer daemon's would use
the Reply-To address.
It might be worth a try, but I don't think it will work. Most bounce
messages will normally go to the return address (in the SMTP
Matt, here is what I have done for MyDoom:
SKIPIFVIRUSNAMEHAS MyDoom for all gateway domains on recip.eml
SKIPIFVIRUSNAMEHAS MyDoom for postmaster.eml, otherpostmaster1.eml and
sender.eml
That is the same policy I established for Swen.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
If that doesn't work, the Reply-To functionality could still be used as
a kludge.
Set the From address to [EMAIL PROTECTED] Set the Reply-To
address to [EMAIL PROTECTED] Set up an IMail rule to delete any
message sent to [EMAIL PROTECTED] This way, if an end-user
wants to reply, it should
To the admin responsible for the Imail server running Declude at
Camargocadillac.com, I have attempted 3 times to notify you to have you stop
sending out Declude notifications to forged addresses. Please correct this
problem.
This is also to serve as a reminder to all other Declude admins to
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
I was looking at the virus manual site and noticed that the TrendMicro
config entry does not have a report line. Is this because Trend does
not
provide a report output the Declude can track? Just wondering because we
are
To the admin responsible for the Imail server running Declude at
Camargocadillac.com, I have attempted 3 times to notify you to have you stop
sending out Declude notifications to forged addresses. Please correct this
problem.
We sent them an E-mail earlier today (their ISP, actually), after
On today's fast computers you probably won't be able to detect a time
difference. Here's what I was referring to-
#1: Search: -AI -ARCHIVE -DUMB -NOBOOT -NOBREAK -NOMEM -PACKED
-SILENT -TYPE -REPORT=report.txt
f:\SolarWinds-NetPerfMon-V6-AX100-Eval.zip
#2: Search:
I just noticed the following in one such header:
Return-path:
Is is possible that a daemon would honor the Return-path (RFC 2821)?
I've noted that Netscape 7.1 at least doesn't, but it's a mail client
and not a server...
3.8.4 Other Header Fields in Gatewaying The gateway MUST
ensure that
You don't by chance have your system set up to relay for local addresses do
you?
I ask because IMAIL is accepting the message and the message appears to be
from a local username (probably forged -- unless you are seeing infected
emails from your actual users). The copyall account should not be
I'm not sure that I understand what your recommending here. My SCANFILE
line in virus.cfg for f-prot doesn't look like that. Are you
recommending a change in the SCANFILE line for f-prot users?? If so,
which one are you recommending?
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
11am that is that same day..
Best regards,
Eje Gustafsson mailto:[EMAIL PROTECTED]
---
Family Entertainment Network eFax : 240-376-7272
Phone : 620-231- Fax : 620-231-4066
Online Store http://www.wisp-router.com/
- Your
Wasn't available in the regular updates until way later but was
available at least around 3pm in the daily updates files I ftp
download (wasn't there around 11pm).
Best regards,
Eje Gustafsson mailto:[EMAIL PROTECTED]
---
Family Entertainment Network eFax :
Hi
i'm still using forgingvirus and want to enable autoforge
what will happen if a virus is marked by both ?
can we change the autoforge action so it just tag the virus as forgingvirus
?
TIA
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
33 matches
Mail list logo
