Re: Win32.Sircam.Worm Alert.....

From: DNT (dnt@hcm.fpt.vn)
Date: 07/27/01 

Message-ID: <000001c116a8$d13039c0$ca31a2cb@phong>
From: "DNT" <dnt@hcm.fpt.vn>
To: "Chris Freels" <cfreels@gracenote.com>, <vuln-dev@securityfocus.com>, <SECURITY-BASICS@securityfocus.com>
Subject: Re: Win32.Sircam.Worm Alert.....
Date: Fri, 27 Jul 2001 16:52:38 +0700

Is there anyone has Sircam's source code?
----- Original Message -----
From: "Chris Freels" <cfreels@gracenote.com>
To: <vuln-dev@securityfocus.com>; <SECURITY-BASICS@securityfocus.com>
Sent: Friday, July 27, 2001 4:09 AM
Subject: RE: Win32.Sircam.Worm Alert.....

I have been seeing this virus come through my Exchange 2000 server for
the last week. The first day I saw the alert I was receiving it. I am
running McAfee Groupshield for Exchange 2000 SP1 and it is working just
fine. I have not gotten one infected machine. We are running scan
engine 4140 with the latest DAT.

Chris

-----Original Message-----
From: Kyle Plate [mailto:kyle@CLASSIFIEDTECHNOLOGIES.COM]
Sent: Wednesday, July 25, 2001 3:04 PM
To: 'vuln-dev@securityfocus.com'; 'SECURITY-BASICS@securityfocus.com'
Subject: RE: Win32.Sircam.Worm Alert.....

FYI:

Using Symantec's NAV for Exchange (Virus def: 7/18/01 12:00am) has been
successful for us in detecting and moving to quarantine all Sircam
infected
messages that have been sent to our server.

-----Original Message-----
From: Jeremy Rodriguez [mailto:jrodriguez@intellinet-tech.com]
Sent: Wednesday, July 25, 2001 9:19 AM
To: Tom Geldner; 'Johnson, Greg'; vuln-dev@securityfocus.com;
SECURITY-BASICS@securityfocus.com
Subject: RE: Win32.Sircam.Worm Alert.....

Yesterday the worm infected 3 of our systems. Just to test I downloaded
it,
save it a specific folder and scanned it with Norton's (using the latest
defs) and to my suprise it did not pick it up.
The fix Symantec has:
http://www.sarc.com/avcenter/FixSirc.com

Did find the worm and repair it.

Relevant Pages

  • Re: Information Store taking all available memory.
    ... There are cases where the virus software is scanning things it should not ... The aforementioned should be excluded in the virus software. ... Do Not Back Up or Scan Exchange 2000 Drive M ... Understanding Virus Scanning API 2.0 in Exchange 2000 Server ...
    (microsoft.public.exchange2000.information.store)
  • RE: Win32.Sircam.Worm Alert.....
    ... eSafe, Norton Antivirus, F-Secure, Sophos and ... > running McAfee Groupshield for Exchange 2000 SP1 and it is working just ... > messages that have been sent to our server. ...
    (Security-Basics)
  • Re: Virus Problems......
    ... access the server at this point. ... >your Exchange AV scanner to get rid of this if it's ... You need to scan/clean your Exchange databases, ... >virus is, using the Exchange portion of your AV software. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Security issue with MS Exchange and Windows 2003 Server
    ... > user's mailboxes which is infected by a virus / trojan ... Anything you move to the new server that COULD contain a virus (like ... Why are you not running Exchange aware SMTP based AV software? ... Setup a new server, install Symantec Corporate Edition 10.0 and properly ...
    (microsoft.public.security.virus)
  • Re: Tons of errors in SB 2000
    ... Since this is a server, not workstation, just fixing windows ... what's the point of having Windows ... Now, if you have Exchange sp3 installed, you can use the ... > virus was on a workstation and not the server. ...
    (microsoft.public.backoffice.smallbiz2000)