From: Lanwench [MVP - Exchange] on 9 Nov 2006 09:26

In news:00BE9D35-4EAF-4FC6-B8A1-F6506E5F2381(a)microsoft.com,
Aragorn29 <Aragorn29(a)discussions.microsoft.com> typed:
> "David H. Lipman" wrote:
>
>> From: "Aragorn29" <Aragorn29(a)discussions.microsoft.com>
>>
>>
>>> I just copied the notification directly from Antigen on the above
>>> post,
>>> they were using the virus verbiage. Here is the latest one from the
>>> log files.
>>>
>>> Tue Nov 07 16:57:55 2006 (2596-7028), "INFORMATION: Internet scan
>>> found virus: Folder: SMTP Messages\Outbound
>>> Message: Delivery Status Notification (Failure)
>>> File: helpful_.gif
>>> Incident: Exceeded Internet Timeout
>>> State: Removed"
>>
>> Pretty lousy log !
>>
>> All that can be gleaned from this is an outbound message with
>> attached file; "helpful_.gif" exceeded a timeout and was ultimately
>> removed.
>>
>> It says "Internet scan found virus:".
>> What virus ?
>> What is the name of this virus and which AV software detected this ?
>>
>> All you can do is find out who the sender is and find the file
>> "helpful_.gif" and then submit it to Virus Total as prescribed
>> earlier in this thread.
>>
>> In your original post, described the file name: "CODE_.gif" not
>> "helpful_.gif". Were there TWO or more incidents ?
>>
>> You mention "We have Symantec 10. as the AV". Is that on the client
>> PC or are you running a Symantec AV version for MS Exchange Server ?
>> If you are NOT, I suggest junking AntiGen for Symantec AV for MS
>> Exchange Server or McAfee Anti Virus for Exchange Server.
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> http://www.ik-cs.com/got-a-virus.htm
>>
>>
>>
> Yeah, I am not impressed with Antigen logs either. My problem on
> the sender is the notification I get from Antigen is the sender is
> postmaster(a)mydomain.com. Here is the exact notification I receive:
> Microsoft Antigen for Exchange found a file infected with a virus.
> The file is currently Removed.
> File name: "helpful_.gif"
> Virus name: "Exceeded Internet Timeout"
> Message subject: "Delivery Status Notification _Failure_"
> Sent from: "postmaster(a)mydomain.com"
> Folder: "SMTP Messages\Outbound"
>
> I don't have a postmaster account in our environment and all the
> notifications refer to that account as sender.
>
> As far as file names and more than one incident, yes, it keeps
> changing names of the gif file, I also am receiving notification of
> the file being : body of message : instead of a gif file on some
> notifications.
>
> On the AV question. Unfortunately I inherited this office recently and
> they are not using the Symantec for Exchange version, I believe my
> predecessor thought that Antigen would be enough for the exchange
> scan. They have the same version of Symantec on the workstations as
> they do the server. Not sure I can talk them into upgrading at this
> time.....

Note that I don't know many Exchange folks who would recommend Symantec
*anything* over Antigen - or TrendMicro's ScanMail (which is what I tend to
use).

Regarding Postmaster - check the properties of the built-in administrator
account & see whether postmaster@ is not defined therein.

I suggest you try posting in m.p.exchange.admin - to cast a wider net here.
A lot of people in there use Antigen.
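
An added example, not part of the thread and not Antigen's own tooling: a parser for log entries shaped like the one quoted in the post above, which groups file names by Incident and lists the files that were removed without any malware name being logged (the ones the thread suggests retrieving and submitting for a second opinion). The function names are hypothetical, the record layout is assumed from that single quoted entry, and the second and third sample records are constructed.

```python
import re
from datetime import datetime

# Constructed sample: record 1 copies the entry quoted in the thread; record 2
# reuses the other file name mentioned there, flattened onto one line; record 3
# is invented, and its Incident value is a placeholder, not a real Antigen string.
SAMPLE_LOG = r'''Tue Nov 07 16:57:55 2006 (2596-7028), "INFORMATION: Internet scan found virus: Folder: SMTP Messages\Outbound
Message: Delivery Status Notification (Failure)
File: helpful_.gif
Incident: Exceeded Internet Timeout
State: Removed"
Wed Nov 08 09:12:03 2006 (2596-7100), "INFORMATION: Internet scan found virus: Folder: SMTP Messages\Outbound Message: Delivery Status Notification (Failure) File: CODE_.gif Incident: Exceeded Internet Timeout State: Removed"
Wed Nov 08 10:40:21 2006 (2596-7214), "INFORMATION: Internet scan found virus: Folder: SMTP Messages\Inbound
Message: Quarterly report
File: report.zip
Incident: PLACEHOLDER-DETECTION-NAME
State: Removed"
'''

KEYS = "Folder|Message|File|Incident|State"
RECORD = re.compile(
    r'^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) \([\d-]+\), "(?P<body>.*?)"$',
    re.S | re.M)
# A value runs until the next known key or the end of the record body.
FIELD = re.compile(rf'({KEYS}): (.*?)(?=\s+(?:{KEYS}): |\Z)', re.S)
# Incident text reporting a scanner condition, not a malware name (only value in the thread).
ENGINE_CONDITIONS = {"Exceeded Internet Timeout"}

def parse_antigen_log(text):
    """Return one dict per log record: the five named fields plus a parsed time."""
    records = []
    for m in RECORD.finditer(text):
        rec = dict(FIELD.findall(m.group("body")))
        rec["time"] = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        records.append(rec)
    return records

def files_by_incident(records):
    """Group distinct file names under each Incident value."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["Incident"], set()).add(rec["File"])
    return {incident: sorted(files) for incident, files in groups.items()}

def files_without_detection_name(records):
    """Files removed with no malware name logged: candidates to retrieve and rescan."""
    return sorted({r["File"] for r in records if r["Incident"] in ENGINE_CONDITIONS})
```
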
From: David H. Lipman on 9 Nov 2006 14:52

From: "Lanwench [MVP - Exchange]"
<lanwench(a)heybuddy.donotsendme.unsolicitedmail.atyahoo.com>

|
| Note that I don't know many Exchange folks who would recommend Symantec
| *anything* over Antigen - or TrendMicro's ScanMail (which is what I tend to
| use).
|
| Regarding Postmaster - check the properties of the built-in administrator
| account & see whether postmaster@ is not defined therein.
|
| I suggest you try posting in m.p.exchange.admin - to cast a wider net here.
| A lot of people in there use Antigen.
|

You'd be surprised at how many US Gov't. Exchange Servers (civilian and
Military) use Symantec.

In fact, the US DoD has a "wide license" providing all Symantec AV products
to all the services (including the Coast Guard).

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: Lanwench [MVP - Exchange] on 10 Nov 2006 09:01

In news:OMSjpiDBHHA.5060(a)TK2MSFTNGP02.phx.gbl,
David H. Lipman <DLipman~nospam~@Verizon.Net> typed:
> From: "Lanwench [MVP - Exchange]"
> <lanwench(a)heybuddy.donotsendme.unsolicitedmail.atyahoo.com>
>
>
>>
>> Note that I don't know many Exchange folks who would recommend
>> Symantec *anything* over Antigen - or TrendMicro's ScanMail (which
>> is what I tend to use).
>>
>> Regarding Postmaster - check the properties of the built-in
>> administrator account & see whether postmaster@ is not defined
>> therein.
>>
>> I suggest you try posting in m.p.exchange.admin - to cast a wider
>> net here. A lot of people in there use Antigen.
>>
>
> You'd be surprised at how many US Gov't. Exchange Servers (civilian
> and Military) use Symantec.
>
> In fact, the US DoD has a "wide license" providing all Symantec AV
> products to all the services (including the Coast Guard).

I'm sure they have a very nice relationship with Symantec - although for the
time being I'm not sure the fact that the DoD uses something is all that
much to be proud of! I still don't know a lot of Exchange experts who like
it.