
Novarg

 
Novarg - 27.Jan.2004 12:20:00 PM   
securityinfo

 

Posts: 13
Joined: 8.May2002
From: Okc, OK USA
Status: offline
When I came to work this AM I had some 500+ notifications in my admin box regarding Novarg mails.
[Mad]
As is my custom, when a new wide-scale nasty starts up (i.e. SoBig, etc) I simply add the known subject lines to the MS default subject checking rules, and then delete the infected mails out of hand without my intervention.
[Wink]
Occasionally an infected mail will come through without any subject, and the AV checkers will catch it, and then I have to delete it manually. Easy to handle, no problem.

So, it appears that our new friend Novarg can morph the subject into a nonsense string of text like "HJHEJKHSAH". Which kind of defeats my "low maintenance" approach to dealing with these large scale worms [Frown]

Anyone else seeing the subject line morphing as this new infection continues??

/john
Post #: 1
RE: Novarg - 27.Jan.2004 2:46:00 PM   
fnbaiss

 

Posts: 127
Joined: 19.Sep.2003
From: USA
Status: offline
We received about 1000+ and I didn't notice a change in the subject line. We're configured to auto delete all emails containing a virus, and now that our Norman and Kaspersky virus signatures have updated we haven't seen any more of these emails.

(in reply to securityinfo)
Post #: 2
RE: Novarg - 28.Jan.2004 4:12:00 AM   
sheepie

 

Posts: 3
Joined: 27.Jan.2004
From: UK
Status: offline
Where do you configure to auto delete emails that contain viruses?

thanks in advance

(in reply to securityinfo)
Post #: 3
RE: Novarg - 28.Jan.2004 4:15:00 AM   
alucas

 

Posts: 28
Joined: 28.Sep.2003
From: UK
Status: offline
In MailSecurity, right-click on "Virus scanning engines" and go to "Properties".

(in reply to securityinfo)
Post #: 4
RE: Novarg - 28.Jan.2004 11:38:00 AM   
detzi

 

Posts: 22
Joined: 18.Jan.2004
Status: offline
We receive a lot of mails with the MyDoom virus and they were all successfully blocked except a few which made it to our Exchange. That's no big problem because of the Exchange GroupShield, but all the mails which slipped through MSEC come from MAILER-DAEMON@<changing-domain>.

Could there be a misconfiguration? I can't find any false settings.

Detzi.

(in reply to securityinfo)
Post #: 5
RE: Novarg - 29.Jan.2004 4:34:00 AM   
detzi

 

Posts: 22
Joined: 18.Jan.2004
Status: offline
ME9 marks these mails as spam, subject line e.g. "Bayesian Filter detected spam - Mail delivery failed: returning message to sender".

Does MSEC not check mails from mailer-daemons or with subject lines as the above?

Thanks in advance, Detzi

(in reply to securityinfo)
Post #: 6