Will MailScanner pickup the W32/Bagle-Q virus?
DNSAdmin
dnsadmin at 1BIGTHINK.COM
Thu Mar 18 21:20:56 GMT 2004
At 03:59 PM 3/18/2004, you wrote:
>Eric Dantan Rzewnicki wrote:
>>Just to be clear ... 4.28.6 will not catch these?
>
>Wouldn't it be possible to pick these up with an SA rule looking for the
>"link"? Someone good at writing rules should give it a try and post here
>for those who can't upgrade right now.
Peter, and all those concerned,
At the firewall, block outgoing port 81/tcp, which is how you get infected
in the first place, and 2556/tcp incoming/outgoing. 2556 is the port used
once you are compromised.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BAGLE.Q
Cheers,
Glenn
More information about the MailScanner
mailing list