Security Basics mailing list archives

Re: Email Issues


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 26 Feb 2004 15:05:02 -0500

Sounds like the virus was stripped by another AV gateway and you're getting
what's left.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
********************************************************************************

----- Original Message ----- 
From: <sean.osullivan () ise ie>
To: <security-basics () securityfocus com>
Sent: Thursday, February 26, 2004 4:51 AM
Subject: Email Issues


Hi All

Something weird has been happening the last three days. We have been getting
mails that look like the NetSky virus (same text and attachments), to a
certain mailbox, but the weird thing is that the .zip attachment is 78 bytes;
the actual virus .zip file is 22,016 bytes. Another thing is our Mailsweeper
is set to block all .zip files but this one is getting through. I did a test
and sent a mail with a normal .zip attachment to this mailbox and it got
blocked. Has anyone seen this or have any ideas on what it's all about?

Thanks in advance.

Sean

