RE: [cobalt-users] How to find W32.Klex.H@mm Virus on my server?
- Subject: RE: [cobalt-users] How to find W32.Klex.H@mm Virus on my server?
- From: "Paul Shuttleworth" <paul@xxxxxxxxxxxxxx>
- Date: Wed Dec 17 01:26:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of David Lucas
> Sent: 17 December 2003 04:33
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] How to find W32.Klex.H@mm Virus on my
> server?
>
>
> At 07:30 PM 12/16/2003, you wrote:
> >David,
> >
> >Symantec Antivirus 2004 caught the following viruses while f-prot w/ the
> >latest virus def only caught the W32.Klex.H@mm virus. Here is what else it
> >missed but Symantec caught:
> >
> >The email attachment Fhvwk.zlq is infected with the W32.Klez.H@mm virus.
> >The email attachment test.zl9 is infected with the W32.Mimail.L@mm virus.
> >CC10DB.tmp is infected with the W32.Sobig.F@xxxxxx virus.
> >CC10B8.tmp is infected with the W32.Sobig.F@xxxxxx virus.
> >CC108D.tmp is infected with the W32.Sobig.F@xxxxxx virus.
> >CCB9E.tmp is infected with the W32.Sobig.F@xxxxxx virus.
> >CCB7B.tmp is infected with the W32.Sobig.F@xxxxxx virus.
> >.tmp is infected with the W32.Sobig.F@xxxxxx virus.
> >The email attachment upgrade.zl9 is infected with the W32.Swen.A@mm virus.
> >The email attachment hrdni.zl9 is infected with the W32.Swen.A@mm virus.
> >The email attachment Installation727.zl9 is infected with the W32.Swen.A@mm
> >virus.
> >The email attachment wendynaked.jpg.exe within Private.zip is infected with
> >the Backdoor.Sysbug virus.
>
> The f-prot that I am running has caught all of the above with the exception
> of the last one. I have not noticed it, but it has intercepted all the
> others.
> I guess the difference is that I am running in conjunction with mailscanner
> and it scans the individual email, and I have not run it on the server
> itself to check all the files.
>
>
I am with David on this one. All the above bar the last one have been caught
with Mailscanner/Fprot at one time or another.
If you are not already using it, I would suggest installing mailscanner and
running this with the Fprot def.
The only thing to watch is that when the RAQ tries to restart sendmail then
mailscanner is not restarted.
This can be overcome by naming the mailscanner sendmail in /etc/rc.d/init.d
(details in the archives).
That way mailscanner gets restarted instead of sendmail; mailscanner
restarts sendmail anyway.
Does this mean there are pictures of naked ladies available on the internet?
;-)
Paul.