W32/MiMail.A

Alex Neuman van der Hans alex at nkpanama.com
Sat Apr 30 16:25:34 IST 2005


A good ruleset on web traffic using squid or whatever also helps a lot...

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Rose, Bobby
Sent: Friday, April 29, 2005 10:57 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: W32/MiMail.A

Actually we do...at least here in house.  AV on the desktop, AV on the
mailbox servers (exchange), and AV on the email gateway.  Been at this biz
for a long time.  I'm still waiting for one to appear in the quarantine to
see where it's coming from.  Symantec just says it was detecting it in the
smtp queue and the server that is reporting it is the one that all mail from
the email (MailScanner) gateway uses to deliver mail into the exchange
system.

Yeah, the AV on the exchange servers is stopping it, but the mail gateway
(MailScanner) also handles forwarding to other places outside my management
control and I want to make sure that I'm not passing the problem onto
someone else.

Before I turned on quarantining on Symantec, the last one that came thru
mentioned that the attachment "Mime.822" located in message....  That is
kind of odd that the attachment is named that.  I just wanted to send out a
quick feeler to gauge others.



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Martin Hepworth
Sent: Friday, April 29, 2005 11:42 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: W32/MiMail.A

So the moral of this is....

you need virus protection on every Windows desktop, because that's where the
problem is.

like I've been saying for years really ;-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Kevin Miller wrote:
> Rose, Bobby wrote:
>
>> Is anyone else seeing this slip thru?  The symantec stuff running on
>>our exchange servers is picking it up but it's slipping thru my current
>>MailScanner and ClamAV configured email router.  Symantec is saying
>>that it found W32.Mimail.a at mm in Unknown0000000.data within
>>message.html. Yesterday I added that to the banned filename types but
>>it still came thru so I'm wondering if it's another funky mime/header
>>issue.
>>
>>I'm running ClamAV .83 and Mailscanner 4.40.11 on Solaris 8.  The
>>clamav defs are up to date.  I'm going to try to quarantine one to get
>>a look at it.
>
>
> Are you sure the messages are coming through your MailScanner gateway?
> I had a similar problem a year or so ago where Trend would pick up
> viruses on Exchange.  Turned out that one of my users had pointed
> their Outlook client at their home ISP so they could check non-local
> mail account.  The viruses waltzed right in with nary so much as a
> 'howdy-do'.  Fortunately, the bouncers from Trend took them in the
> back alley and pummelled them before they could cause a ruckus...
>
> ...Kevin
> --
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907) 586-4500
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
