Virus Protection

[Dkevdog]

This latest virus has been devastating, even large well protected systems are being brought to their knwws. Today alone Norton caught 72 copies of it on my incoming mail. Many of the so called "senders" are TDR members addresses, including Robins and many others. This leads me to belive that members are not keeping virus protection up to date!!



Just a friendly reminder to everyone.



Kev

 

[Doc Tinker]

Originally posted by Dkevdog

This leads me to belive that members are not keeping virus protection up to date!!

Not neccessarily. I have seen a lot of infested emails that have names that don't jive with accounts. An example, where I work, my email address is -- email address removed --, but address on an infested email might be -- email address removed --.



This latest stuff could be sent from your computer, using the names in your address book as the sender, not you. Weird stuff and hard to stop.



Doc

 

[Doc Tinker]

One other thing. . All day long I've been telling people who earn $60,000 more per year than me. . Don't open the attachments!



Seems like if they earn more than me, they should know more than me. And why in the heck do I have to teach a teacher? Over and over again, I might add.



Doc

 

[Doc Tinker]

Someone asked me today "Who makes all these viruses?"



I told him, "The same kind of guys who used to smash mailboxes with pumpkins, when I was a kid. Maybe if computers were around when I was young, there would have been less pumpkin guts spread all over town. "



Doc

 

[socal_rattler]

Another thing that is important. . update your virus signature files. YOu may have anti-virus software on your PC, but unless you regularly update the signature files, any new viruses will not be caught by the anti-virus software.

 

[Steve St.Laurent]

The Mydoom virus has been giving people fits. I've received four emails with it today. Interestingly Mcafee simply shuts down the email receive process and I have to delete the offending email through my web based email service from my ISP. As with many of the newer viruses it spoofs email addresses so it's not possible to trace. I've had a number of people contact me to tell me I've sent them the virus - when I know that it didn't come from me. Same thing with Robin. Both of our email addresses are out there on so many peoples machines that they get spoofed all the time. We remind people periodically about this but it never hurts to have another reminder. I had a new customer about 6 months ago that was having problems with their machine and they hadn't updated their virus software in over 2 years. They had 58,000 files on their PC infected with different virus. It was amazing the machine worked at all.

 

[kboettcher]

Originally posted by socal_rattler

Another thing that is important. . update your virus signature files. YOu may have anti-virus software on your PC, but unless you regularly update the signature files, any new viruses will not be caught by the anti-virus software.

Thats why I like Computer Associates virus scanner... ... I get new updates every day of the week and sometimes there is 2 in a day.

 

[Doc Tinker]

CA wouldn't clean MyDoom until new dat files came out yesterday (1/29). We use Computer Associates at work and the worm was getting past it, until we got the new update at around 9 am. I did find the worm with the dat files from 1/27, but it wouldn't clean, move or delete it.



I was using a TrendMicro scan tool until CA got with the game.



We are in the process of installing a GroupWise email server, but it's not ready to use yet. In the mean time, we get our email through a server at the county. The county has no filters on the server, so all our staff gets every spam or infested email that goes around. Evidently the county doesn't plan on doing anything about it. It's not in this year's budget



Any one know of a way to filter the mail after it leaves the pop3 server, before it gets to the client?



Doc

 

[Grayhackle]

I am using Norton Anti Virus with the automatic update but I have very little confidence in it since that wormblast made it through Norton and infected my computer. Norton never did find it, my son did. I scanned twice yesterday and Norton said I was ok. Any computer experts advise me as to which is the best and up to date virus protector. When I bought Norton, McAffee was swamped and not taking any more customers, but this was many years ago. Thanks

 

[socal_rattler]

I have deployed Trend Anti-virus at my work and am very happy with it. There is a personal PC version called PC-cillin.



Have also had good luck with their support.



There is also a link on their page that will scan your PC for free from their web site... see the 'House Call' link.



http://www.trendmicro.com/en/home/us/personal.htm

 

[GWDiesel]

protect your address book

This is old stuff,just a reminder to those that don't have it. type this in your address book and any one that enters will not

get any further!AAAAAAA@AAA. AAA This

will be at the top of your list and they will go no further. GWD

 

[Doc Tinker]

http://antivirus.about.com/cs/hoaxes/p/aaaa.htm

 

[GWDiesel]

AAAAAAA@AAA.AAA

A while back I found this address, AAA, in my inbox,A while after install(6 months) so I dont want to start a war, but it is going to

stay! (stubborn old man) GWD

 

[fest3er]

Originally posted by Doc Tinker
... Any one know of a way to filter the mail after it leaves the pop3 server, before it gets to the client?

Doc

But of course. My email client fetches a message, then runs it through a shell script I wrote that uses F-Prot to detect virii. If one is found, the entire body of the message is deleted and replaced with a short message stating what was found and why action was taken. Dunno if any of the Windows email programs allow you to write your own filters, though... .

I also added Anomy to my web host, which sanitizes incoming email, good or bad. Executables are quarantined and removed from the message, and archives are adjusted (filename changed, MIME type munged).

Oh, wait. Did I forget to mention I'm running linux, using Kmail for email?

N

 

[Doc Tinker]

Yeah Yeah fest3er - But how easy do you think it will be for me to wean 5,000 users over to Linux? Not to mention that they might be unhappy with the Win3. 1 grade GUI. And Star Office absolutely sucks, in my opinion.



I'm looking for something that can filter before it gets to the client machine, after it passes through the PIX firewall, so we don't have to manhandle each of our 1000+ computers.



Doc

 

[GWDiesel]

Just my . 02 cents,I have Norton anti-virus

incoming and out going e-mail scanning, Ad-aware,and I am using Mozilla (freeware)

for my browser. No more pop ups & spiders,

and Norton is catching the worms and viruses. IMHO you can only control what leaves your computer the pop net is over run with hacker junk and AOL is the worst

one of all. The only complaints (2) I have had are from AOL users, but you cant hold their hand ,they don't listen about what happens after the message leaves your computer,you just delete them from your address book. Our POP-3 server is in and out a lot and I think to slow when sending

pictures JMHO-GWD

 

[jponder]

Originally posted by Doc Tinker

Someone asked me today "Who makes all these viruses?"



I told him, "The same kind of guys who used to smash mailboxes with pumpkins, when I was a kid. Maybe if computers were around when I was young, there would have been less pumpkin guts spread all over town. "



Doc

Okay but to be totaly fair, I know from when I was young that... ... ... SOME OF THOSE MAILBOXES HAD IT COMING.

 

[Dkevdog]

Re: Re: Virus Protection

Originally posted by Doc Tinker

Not neccessarily. I have seen a lot of infested emails that have names that don't jive with accounts. An example, where I work, my email address is -- email address removed --, but address on an infested email might be -- email address removed --.





Doc

Nope, the email addresses I'm receiving the virus from are legit member addresses. Like Steve pointed out, spoof, but legit. It has slowed down only slightly over the past two days, today I only received 18 copies of the virus. One of them was from Robin too... . yet another spoof.



It is my understanding that the virus will stop sending itself on Feb 12.



Probably just in time for the next one (likely created by a 13 year old with too much time onhis hands) to hit.



Kev

 

[fest3er]

Originally posted by Doc Tinker
Yeah Yeah fest3er - But how easy do you think it will be for me to wean 5,000 users over to Linux? Not to mention that they might be unhappy with the Win3. 1 grade GUI. And Star Office absolutely sucks, in my opinion.

I'm looking for something that can filter before it gets to the client machine, after it passes through the PIX firewall, so we don't have to manhandle each of our 1000+ computers.

Doc

I shoulda thought of this last night. A Google search for "transparent pop3 proxy scanner" yielded a large amount of stuff, including:
http://www.mcafeeb2b.com/common/media/mcafeeb2b/us/products/pdf/ds_us_webshield_appliances.pdf

Basically, what you want is a network appliance that acts as a transparent proxy.

There are vendors who can supply transparent proxies, which is likely what you want. If you are into rolling your own, you could build one with linux/bsd, using iptables, p3scan (transparent proxy), f-prot (virus scan); this solution would more likely be bandwidth limited, meaning it would be a large bottleneck betwixt your users and the internet if there are enough users.

As to the office suite, the latest OpenOffice release is quite good. I do agree, Star Office does seem to leave a lot to be desired. Also, although it's a memory pig (prolly because I use 1280x1024 @ 24bit), KDE3 is a very usable GUI. I'm also surprised at the various Win apps that actually run nicely under Wine.

N

 

[fest3er]

Re: Re: Re: Virus Protection

Originally posted by Dkevdog
...
It is my understanding that the virus will stop sending itself on Feb 12. ...
Kev

The A variant that is to attack SCO is supposed to shut down 2/12. The B variant that is to attack MS is supposed to run to the end of the month.

N