Re: Email Issues

From: Paul Kurczaba (paul_at_myipis.com)
Date: 02/27/04

Next message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: Preventing OS Detection"

Previous message: Ryan Cornelsen: "RE: Why Security testing is required"
In reply to: sean.osullivan_at_ise.ie: "Email Issues"
Next in thread: MARTIN M. Bénoni: "RE: Email Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <sean.osullivan@ise.ie>, <security-basics@securityfocus.com>
Date: Thu, 26 Feb 2004 21:24:00 -0500

What happens when you open the .zip attachment? Is the virus (NetSky) being
replaced by your Anti-Virus software with a notification?

-Paul Kurczaba
----- Original Message -----
From: <sean.osullivan@ise.ie>
To: <security-basics@securityfocus.com>
Sent: Thursday, February 26, 2004 4:51 AM
Subject: Email Issues

> Hi All
>
> Something weird has been happening the last three days. We have been
getting
> mails that look like the NetSky virus (smae text and attachments), to a
certain mailboxs, but the weird thing is
> that the .zip attachment is 78 Bytes, the actual virus .zip file is 22,016
> bytes. Another things is our Mailsweeper is set to block all .zip files
but
> this one is getting through. I did a test and sent a mail with a normal
.zip
> attachment to this mail box and it got blocked. Has anyone seen this or
> have any ideas on what its all about?
>
> Thanks in advance.
>
> Sean
>
>
> **********************************************************************
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
>
> www.mimesweeper.com
> **********************************************************************
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------

--
>
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: Preventing OS Detection"

Previous message: Ryan Cornelsen: "RE: Why Security testing is required"
In reply to: sean.osullivan_at_ise.ie: "Email Issues"
Next in thread: MARTIN M. Bénoni: "RE: Email Issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

NETSKY virus
... if u know what virus it is, why didn't you try using the ... >sending out the Netsky virus on our LAN/remote? ... Users are running MS outlook on ... >to send this Netsky viruses outside and inside our ...
(microsoft.public.exchange2000.general)
Re: Netsky Wont leave
... | get the error that I have a Netsky.? ... something virus on the machine. ... You can choose to go to each menu item and just download the needed files or you can ... It is suggested to run the scanners in both Safe Mode and Normal Mode. ...
(microsoft.public.security.virus)
Re: symantec virus scanner with exchange?
... never allow ANY Virus scanner to scan the Exchange ... Should i run the fix netsky tool from symantec? ... For the netsky tool, it says "WARNING: ...
(microsoft.public.exchange2000.admin)
Re: Is it possible to trace source of messages bearing Netsky.R or .Q?
... > Your e-mail server detected the virus in the ... > it's own message telling you it detected a virus in an e-mail destined ... NOD32 as infected with Win32/Netsky.R. ... NOD32 again identifies it as Netsky. ...
(alt.comp.anti-virus)
RFC: content-filter and AV notifications (Was: Re: RFC: virus handling)
... TZ> Looking at the current outbreak of the Mydoom.A worm I would like ... Virus Detected Notifications ... TZ> warned that these notification messages may not reach the intended ... TZ> To allow filtering of these messages they should always carry the ...
(Bugtraq)