RE: Worm.SCO.A (W32/Mydoom@MM)

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 01/28/04

    Date: Tue, 27 Jan 2004 18:08:56 -0800
    To: "Dan Bartley" <bartleyd@corp.netcarrier.com>, <security-basics@securityfocus.com>
    
    

    >I assume you mean anti-virus notification, not an NDR. The NDRs are
    >generated because the Trojan is using a list of common names for every
    >domain it picks up on. You can't disable NDRs, that would be bad
    >practice.

    AV NDRs = Anti-Virus Notifications. The majority of the time you get an
    AV notification, you are basically getting an NDR from the server describing
    why it was unable to deliver the message, in this case because of a
    virus.

    Turning off SMTP/MTA NDRs != GOOD.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521

    www.horizonusa.com
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
                 (800) 325-1199 x338
