Bagel.H

[Jason Balicki]

>> Some machine on our network has been infected by Worm.Bagel.J and
>> other variants. This is spawning a whole lot of mails with password
>> encrypted zip files which contain infected executables.
>>
>> We are using MailScanner-4.21 along with clamav-0.67-1.
>>
>> Anybody face a similar problem? Any pointers would be great.
>
>Find its IP, deny access to SMTP port via iptables.
>

Better yet, unplug it from the network until you get it
cleaned.

--J(K)