Security Incidents mailing list archives
RE: Novarg
From: "Wayne S. Ackley" <wackley () ideorlando org>
Date: Wed, 28 Jan 2004 13:01:59 -0500
Greetings, We've seen the same symptoms on our outlying networks. Since yesterday, once we made some minor changes to our Postfix/Amavis/CLAMAV server, (i.e. updated sigs, etc.) we've seen Amavis/CLAMAV catch every occurence without a hitch. We allow certain attachments via SMTP, and with our Amavis/CLAMAV setup we can scan them easily. -Wayne ************************************************** Wayne S. Ackley IT Manager - Senior Network Engineer IDEORLANDO Facility 3045 Technology Parkway Orlando, Florida 32826 321-235-7524 321-235-1484 text pager: page_wayne () ideorlando org Pager phone: 1-800-946-4646 pin#1431304 ************************************************** -----Original Message----- From: sloppy seconds [mailto:beleguese () yahoo com] Sent: Tuesday, January 27, 2004 11:32 PM To: incidents () securityfocus com Subject: Novarg To all, Yes as many of you have noticed Novarg is spreading fast. I work for a large international corporation and we have seen extensive infiltration. However, this worm has not proved to be as "damaging" as some may claim. The scary part is that our investment in AV solutions (Trend, Symantec, et al...) has not protected us. We are now reconsidering our stance on allowing .ZIP files in Email. We engineered our own cleaning utility hours before our AV vendors even had signatures. Infecting lab clients and using diff tools...etc
From a network perspective we are watching for the
supposed DOS against SCO. We have had the outbreak under control just a few hours after it's inception. Anyone care to contribute their experience? Thanks, Beleguese __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Novarg, (continued)
- Re: Novarg Matt Curtin (Jan 30)
- Re: Novarg Matt Curtin (Jan 29)
- RE: Novarg - Stopping .Zip Files Tom Milliner (Jan 28)
- Re: Novarg - Stopping .Zip Files Keith W. McCammon (Jan 28)
- Re: Novarg - Stopping .Zip Files Alvin Mills (Jan 30)
- RE: Novarg - Stopping .Zip Files jamesworld (Jan 28)
- Re: Novarg - Stopping .Zip Files Bill Pennington (Jan 28)
- RE: Novarg - Stopping .Zip Files Timmothy Posey (Jan 30)
- Re: Novarg - Stopping .Zip Files Alvin Mills (Jan 30)
- Re: Novarg - Stopping .Zip Files Keith W. McCammon (Jan 28)
- Re: Novarg Dave Laird (Jan 28)
- RE: Novarg Wayne S. Ackley (Jan 28)
- Re: Novarg James Riden (Jan 28)
- RE: Novarg Chris Aguilar (Jan 28)
- RE: Novarg Jeremy Strachan (Jan 28)
- RE: Novarg Stephen Warren (Jan 29)
- Re: Novarg Robin Sheat (Jan 30)
- RE: Novarg steve bernacki (Jan 30)
- Re: Novarg Skip Carter (Jan 30)
- RE: Novarg Duston Sickler (Jan 29)
- RE: Novarg sloppy seconds (Jan 30)
- RE: Novarg Stephen Warren (Jan 29)
- RE: Novarg Robert Morales (Jan 28)
(Thread continues...)