2 MX Servers not Receiving Same Viruses
mikea
mikea at MIKEA.ATH.CX
Thu Mar 18 22:48:07 GMT 2004
On Thu, Mar 18, 2004 at 03:32:33PM -0700, Daniel Straka wrote:
> Hello List,
>
> I'm Dan Straka, I work at Casper College in Casper, WY (USA),
> www.caspercollege.edu. I've got my first question for the list.
>
> I've got 2 MX servers (with different cost values in DNS) and the viruses
> being intercepted by Sophos on these machines are not the same. For
> instance, one is receiving Netsky and Bagle variations but the other one
> is not. On the opposite machine, it's receiving Mymail and Sefex
> variations but the other does not. I thought this is a bit strange.
>
> Question, does this have to do with the MX cost value being different in
> DNS, or are the machines being targeted differently by the virused email?
Some ratware deliberately targets the highest-value MX, other ratware
just goes for the lowest. I suspect that the thinking behind going for
the most expensive is that it probably is a fallback server not under
the direct control of the mailadmin, but configured and maintained for
him/her by someone else -- not uncommonly in another organization --
and hence may not have all the filters, up-to-date access list or
equivalent, and so on.
--
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin
More information about the MailScanner
mailing list