W32/MiMail.A

Steen, Glenn Glenn.Steen at AP1.SE
Mon May 2 14:20:34 IST 2005


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Rose, Bobby
> Sent: den 29 april 2005 17:57
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: W32/MiMail.A
> 
> 
> Actually we do...at least here in house.  AV on the desktop, AV on the
> mailbox servers (exchange), and AV on the email gateway.  Been at this
> biz for a long time.  I'm still waiting for one to appear in the
> quarantine to see where it's coming from.  Symantec just says it was
> detecting it in the smtp queue and the server that is reporting it is
> the one that all mail from the email (MailScanner) gateway uses to
> deliver mail into the exchange system.
> 
> Yeah, the AV on the exchange servers is stopping it, but the mail
> gateway (MailScanner) also handles forwarding to other places outside my
> management control and I want to make sure that I'm not passing the
> problem onto someone else.
> 
> Before I turned on quarantining on Symantec, the last one came thru
> mentioned that the attachment "Mime.822" located in message....  That is
> kind of odd that the attachment is named that.  I just wanted to send
> out a quick feeler to gauge others.

Are you running just ClamAV on the MX? It's good, but not foolproof...
and it actually happens (quite frequently) that other AVs find a "new"
virus a couple of hours prior to clam doing so... If you run freebsd or
linux, bitdefender is free...
And (of course)... Are you sure these aren't FPs? I'm not sure how
symantec does things, but wouldn't it quarantine something on the
m-sexchange that you could test at jotti or virus total...?

-- Glenn

> 
>  
> 
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Martin Hepworth
> Sent: Friday, April 29, 2005 11:42 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: W32/MiMail.A
> 
> So the moral of this is....
> 
> you need virus protection on every windows desktop, because that's where
> the problem is.
> 
> like I've been saying for years really ;-)
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> 
> Kevin Miller wrote:
> > Rose, Bobby wrote:
> >
> >> Is anyone else seeing this slip thru?  The symantec stuff running on
> >> our exchange servers is picking it up but it's slipping thru my current
> >> MailScanner and ClamAV configured email router.  Symantec is saying
> >> that it found W32.Mimail.a@mm in Unknown0000000.data within
> >> message.html. Yesterday I added that to the banned filename types but
> >> it still came thru so I'm wondering if it's another funky mime/header
> >> issue.
> >>
> >> I'm running ClamAV .83 and Mailscanner 4.40.11 on Solaris 8.  The
> >> clamav defs are up to date.  I'm going to try to quarantine one to get
> >> a look at it.
> >
> >
> > Are you sure the messages are coming through your MailScanner gateway?
> > I had a similar problem a year or so ago where Trend would pick up
> > viruses on Exchange.  Turned out that one of my users had pointed
> > their Outlook client at their home ISP so they could check non-local
> > mail account.  The viruses waltzed right in with nary so much as a
> > 'howdy-do'.  Fortunately, the bouncers from Trend took them in the
> > back alley and pummelled them before they could cause a ruckus...
> >
> > ...Kevin
> > --
> > Kevin Miller                Registered Linux User No: 307357
> > CBJ MIS Dept.               Network Systems Admin., Mail Admin.
> > 155 South Seward Street     ph: (907) 586-0242
> > Juneau, Alaska 99801        fax: (907) 586-4500
> >
> > ------------------------ MailScanner list ------------------------
> > To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> > 'leave mailscanner' in the body of the email.
> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the
> > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
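
Added example, not part of the original thread and not MailScanner or Symantec code: a small triage script for a quarantined sample that covers the two checks raised above, whether the message was relayed by the gateway at all, and which filenames its MIME parts actually declare (including parts inside a nested message/rfc822). The host names, the sample message and the function names are constructed for illustration.

```python
import email
from email import policy

# Constructed sample (placeholder hosts): a forwarded message/rfc822 part
# whose HTML body declares no filename, plus one named attachment.
SAMPLE = b"""\
Received: from gw.example.org (gw.example.org [192.0.2.10])
\tby exch.example.org; Fri, 29 Apr 2005 11:00:00 -0400
Received: from sender.example.net (sender.example.net [198.51.100.7])
\tby gw.example.org; Fri, 29 Apr 2005 10:59:58 -0400
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: message/rfc822

Subject: inner
Content-Type: text/html

<html><body>inner</body></html>
--B1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.data"

constructed payload
--B1--
"""

def relayed_by(msg, host):
    """True if a Received header shows `host` accepting the message."""
    want = f"by {host.lower()}"
    return any(want in " ".join(str(h).lower().split())
               for h in msg.get_all("Received", []))

def leaf_parts(msg):
    """(content type, declared filename or None) for each leaf part;
    walk() descends into nested message/rfc822 containers."""
    return [(p.get_content_type(), p.get_filename())
            for p in msg.walk() if not p.is_multipart()]

def unmatched_by_name(msg):
    """Leaf parts that declare no filename, so no filename rule can hit them."""
    return [ctype for ctype, name in leaf_parts(msg) if name is None]

msg = email.message_from_bytes(SAMPLE, policy=policy.default)
print("via gateway:", relayed_by(msg, "gw.example.org"))
for ctype, name in leaf_parts(msg):
    print(f"{ctype:28} {name or '(no declared filename)'}")
```

Only Received lines added by servers under your own control are reliable; anything below them can be written by the sender.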
