Print

Print


Rich, these numbers beg the question of how many mails in total were in bound during that 8 hour period?

Don Bosman
Information Technologist
Michigan State University Libraries
517-432-6123  ext 233
[log in to unmask]




-----Original Message-----
From: Rich Wiggins [mailto:[log in to unmask]]
Sent: Wednesday, December 17, 2003 12:48 PM
To: [log in to unmask]
Subject: [MSUNAG] Anti-virus on mail.msu.edu - clarification


The new anti-virus feature in mail.msu.edu has already found
and blocked a number of virus-laden messages.  Here's a
breakdown as of 12:30 pm on December 17 (approx. 8 hours):

    4 Eicar-Test-Signature
    3 Sircam
   20 Suspected.Zip
   75 Trojan.Dropper.C
    1 W32/Magistr.A
    1 W32/Yaha.g.dam
    1 W95/Hybris.PI.002
    1 W95/Hybris.PI.003
    9 Worm.BugBear.B
  644 Worm.Dumaru.A
    1 Worm.Fizzer.A
    2 Worm.Galil.C
  326 Worm.Gibe.F
    3 Worm.Gibe.F.UPX.2
   15 Worm.Mimail.G
  127 Worm.Mimail.I
 1640 Worm.Mimail.J
   99 Worm.Sobig.F
 1275 Worm/Klez.H
    1 Yaha.K

 4248 Total

Just to clarify how the new anti-virus feature works: mail coming
into mail.msu.edu is scanned for viruses.  When a virus is detected,
the sender's e-mail service is notified that delivery has been
rejected.

If you send mail through mail.msu.edu using an e-mail client
such as Eudora or Outlook, each message will be scanned for
viruses.  Viruses such as Sobig that try to send through
mail.msu.edu will also face virus detection and blocking.

However, if you are using the Webmail client for mail.msu.edu
to send mail, that mail will not be scanned for viruses due
to the current architecture of the system.  The mail team is
looking into adding scanning to outbound Webmail messages.

Based on the numbers so far and the nature of how Sobig,
Klez and the like are commonly spread, the system should
help contain future such outbreaks.

Again, we continue to strongly suggest use of anti-virus
software on individual computers.

/rich