sobig virus

Joe Stuart jstuart at EDENPR.K12.MN.US
Wed Aug 20 16:42:09 IST 2003


I cannot find it on my network anywhere; it has to be a remote machine.

>>> Ulysees at ULYSEES.COM 08/20/03 10:39AM >>>
Have I always been reading my mail logs wrong, or do we not already know what that machine is?

> Received from PC2860
<---- name used in helo or ehlo (yes it does look like a silly windows box)
>        (splkpark.k12.mn.us[204.169.235.111])
<---- actual address of machine & reverse resolved name
>         by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:32:28 -0500
<---- receiving server


----- Original Message ----- 
From: "Samuel Luxford-Watts" <slwatts at WINCKWORTHS.CO.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, August 20, 2003 4:33 PM
Subject: Re: [MAILSCANNER] sobig virus


Or go to dos prompt and type 'nbtstat -a pc2860' - may give you more info

-----Original Message-----
From: Mike Kercher [mailto:mike at CAMAROSS.NET] 
Sent: 20 August 2003 16:36
To: MAILSCANNER at JISCMAIL.AC.UK 
Subject: Re: sobig virus


Go to a DOS prompt and 'ping PC2860' and see if you get a reply.

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Joe Stuart
Sent: Wednesday, August 20, 2003 10:27 AM
To: MAILSCANNER at JISCMAIL.AC.UK 
Subject: Re: sobig virus


Ok so it's the netbios name of the remote computer sending the virus. Or is
PC2860 one of my machines? And if it's a remote computer how come all the
rest of the email coming in has Received: from scrubber.edenpr.org which is
our server.

Thanks again

>>> mike at CAMAROSS.NET 08/20/03 10:24AM >>>
Correct...it is the NETBIOS name.

Mike


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Anders Andersson, IT
Sent: Wednesday, August 20, 2003 10:06 AM
To: MAILSCANNER at JISCMAIL.AC.UK 
Subject: SV: sobig virus


> -----Original Message-----
> From: Joe Stuart [mailto:jstuart at EDENPR.K12.MN.US]
> Sent: 20 August 2003 16:50
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: sobig virus
>
>
> I have Mailscanner running with f-prot and it seems to be stopping
> about 10-15 viruses a minute which is extremely high volume. It also
> seems that a lot of them are getting through. A usual header of an
> email that comes from the outside starts with
>
> Received: from scrubber.edenpr.org
>         by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:34:42 -0500
>
> the ones getting through seem to be starting with
>
> Received from PC2860
>        (splkpark.k12.mn.us[204.169.235.111])
>         by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:32:28 -0500
>
> And they are all .pif's. Scrubber is the server with mailscanner on
> it. I'm confused about the PC2860

Sounds like the Windows name for a computer....

>
> Thanks
> Joe
>





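Added example, not part of the original thread: a small Python parser for the Received header layout quoted above, which separates the client-chosen HELO name from the connecting IP and reverse name, and flags mail that did not arrive via the scanner relay. The sample headers are constructed from the values quoted in the thread; the function names and verdict strings are assumptions made for illustration.

```python
import re

# Layout quoted in the thread:
#   Received: from <HELO name> (<reverse name>[<ip>]) by <receiver>; <date>
# The parenthesised part is optional (the scrubber line quoted has none).
RECEIVED_RE = re.compile(
    r"^Received:?\s+from\s+(?P<helo>\S+)"
    r"(?:\s*\(\s*(?P<rdns>[^\[\s()]*)\s*\[(?P<ip>[0-9.]+)\]\s*\))?"
    r"\s+by\s+(?P<by>[^;\s]+)",
    re.IGNORECASE,
)

# Constructed samples, built from the two headers quoted in the thread.
SAMPLE_DIRECT = (
    "Received: from PC2860\n"
    "       (splkpark.k12.mn.us[204.169.235.111])\n"
    "        by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:32:28 -0500"
)
SAMPLE_SCANNED = (
    "Received: from scrubber.edenpr.org\n"
    "        by edenpr.k12.mn.us; Wed, 20 Aug 2003 09:34:42 -0500"
)

def parse_received(header):
    """Split one Received header into helo / rdns / ip / by fields."""
    unfolded = " ".join(header.split())  # undo header line folding
    m = RECEIVED_RE.match(unfolded)
    return m.groupdict() if m else None

def classify(header, scanner_relay):
    """Return (verdict, fields) for the topmost Received header."""
    fields = parse_received(header)
    if fields is None:
        return "unparsed", None
    # The HELO name is self-declared by the client. The scrubber line in
    # the thread records no IP, so a name match is the only check it allows.
    if fields["helo"].lower() == scanner_relay.lower():
        return "via-scanner", fields
    # Handed over by some other host, so it never passed the scanner.
    # A HELO name without a dot is a bare machine (NetBIOS-style) name;
    # the bracketed IP, not that name, identifies the sending host.
    if "." not in fields["helo"]:
        return "bypassed-scanner-bare-helo", fields
    return "bypassed-scanner", fields

if __name__ == "__main__":
    for sample in (SAMPLE_DIRECT, SAMPLE_SCANNED):
        print(classify(sample, "scrubber.edenpr.org"))
```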