Re: Microsoft emal virus -- MIDRANGE-L

You may want to check out Trendmicro.com or Symantec.com for client 
protection.

Chris Whisonant
Comporium
Senior Mid-Range Systems Administrator
IBM eServer Certified Systems Expert - iSeries Technical Solutions V5R2
IBM Certified Associate System Administrator - Lotus Notes and Domino 6
803.326.7270 (W)
803.326.6142 (F)
chris.whisonant@xxxxxxxxxxxxx



Steve Landess <sjl_123@xxxxxxxxxxx> 
Sent by: CWHISONANT@xxxxxxxxxxx
09/24/2003 09:46 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc

Subject
Re: Microsoft emal virus






> Adam wrote:

> You might want to tell them that the customer is also sending out emails
> claiming to be from microsoft and that you are going to have to report 
the
> ISP and client to Microsoft as well.
> In fact, sounds like a splendid idea...

I would start forwarding the virus-bearing emails to the abuse account at
both ISP's - yours and the offender's...send them to abuse@whateverdomain,
with a brief message indicating that you believe it contains a virus. They
need the headers to investigate, so send full headers...Hotmail has a
procedure for forwarding them that will show full headers, after you send
the first one to them they'll send you back an email with a procedure for
showing full headers.

After setting up around 30 filters on my paid Hotmail account, I have 
caught
most of the virus-bearing emails and delete them immediately.  The ones 
that
aren't caught end up in a folder named viruses, where I can then review 
them
to see why my filters didn't catch them.

Once I revise my filter rules, I delete the virus-bearing email.  Not
perfect, but works for now, until I can get away from using Outlook 
Express
to read my email.

It sucks that my McAfee virus-protection software (Home Edition, Version
7.03.6000) doesn't seem to work properly as far as screening the incoming
attachments.  I'm up-to-date on my DAT files (4.0.4294, Sept. 18).  I'm 
not
too worried about getting infected, since it will notify me if I try to 
open
or save an attachment containing a virus of which it is aware.  However, 
it
would be nice if it quarantined them as they came in.

I have called McAfee support on a couple of occasions trying to get 
answers,
but their free customer service also sucks...if you need any *real* 
problems
solved, you have to have a paid support contract.

When the free updates expire, I'm going to switch to another package...any
suggestions?

Steve

> ----- Original Message ----- 
> From: "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
> To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
> Sent: Tuesday, September 23, 2003 8:28 PM
> Subject: RE: Microsoft emal virus
>
>
> > The fine folks at keyway.net technical staff say it's not their fault 
if
> > their users send viruses, and they let anything through their servers 
as
> > long as it comes from a registered user.  But if we call and tell 
them,
> > they'll "let the responsible party know".
> >
> > Not a particularly proactive response.
> >
> > Joe
> >
> >
> > > From: Joe Pluta
> > >
> > > Has anybody looked at the headers of the "MS bulletins" you've been
> > > receiving?  EVERY ONE of mine comes from the same mail server:
> > >
> > > Return-Path: <vinproduct@xxxxxxxxxxxxxx>
> > > Received: from mail.keyway.net (mail.keyway.net [216.117.199.18])
> > >
> > > My guess is that if you block this address in your spam filters,
> > you'll
> > > get rid of the majority of this junk.
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.