IDS and MYDOOM.BB

davemit
Level 1

I have an Exchange server that is getting bombarded with MYDOOM.BB viruses. The server virus software is detecting these, but we would like to determine the source. However, my IDS 4215 which is monitoring that network segment is not alarming at all. I have it updated with the S145 updates that are supposed to detect MYDOOM.BB virus activity.

Any ideas as to what's going on?

- Dave

2 Replies

mcerha
Level 3

Is the sensor healthy? Is it generating any other alarms? What antivirus software are you using on the email server? What exactly is the antivirus software identifying the suspect attachments as? Do you have any file samples that you could provide? Please email me directly at mcerha@cisco.com if privacy is a concern. If you send a live virus sample, please put it in a password protected ZIP archive before sending.

micballa
Level 1

The signatures in S145 detect the pif and zip file formats associated with the virus Trend Micro identifies as MyDoom.BB. Other virus vendors may label a different variant as MyDoom.BB. Also, can you confirm that the sensor is seeing both sides of the traffic to your sensor? Can you provide a traffic sample that we can use to research this?

Thanks,

Jason
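The second reply asks whether the sensor is actually seeing both sides of the conversation. That is a check worth automating before chasing signature problems: if the monitoring interface only receives one direction of a TCP session (asymmetric routing, a SPAN session that mirrors a single direction, a tap with one leg missing), a signature that has to reassemble an attachment out of an SMTP stream has nothing to match on. The script below is an added example, not code from the thread or from Cisco. It assumes you have exported flow records from the sensor's capture (or a tcpdump on the same SPAN port) into a simple text form; the log format and all addresses are constructed for illustration.

```python
"""Report TCP conversations for which only one direction was captured.

Added example: it does not come from the forum thread or from any Cisco tool.
The input format ("<timestamp> <proto> <src>:<port> -> <dst>:<port>") and the
sample lines are constructed so the script runs offline.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# (src_ip, src_port, dst_ip, dst_port, proto)
Flow = Tuple[str, int, str, int, str]
# direction-independent conversation identifier
ConvKey = Tuple[Tuple[str, int], Tuple[str, int], str]

_LINE_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<proto>\w+)\s+"
    r"(?P<sip>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dip>[\d.]+):(?P<dport>\d+)\s*$"
)

# Constructed sample capture: one complete SMTP conversation, one in which only
# the client-to-server half was seen, one in which only the server-to-client
# half was seen.
SAMPLE_LOG = """\
2005-02-18 09:12:01 tcp 192.0.2.10:40001 -> 10.0.0.25:25
2005-02-18 09:12:01 tcp 10.0.0.25:25 -> 192.0.2.10:40001
2005-02-18 09:12:03 tcp 198.51.100.7:51234 -> 10.0.0.25:25
2005-02-18 09:12:05 tcp 10.0.0.25:25 -> 203.0.113.9:33000
"""


def parse_flow_line(line: str) -> Flow:
    """Parse one constructed-format log line into a Flow tuple."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised flow line: {line!r}")
    return (m["sip"], int(m["sport"]), m["dip"], int(m["dport"]), m["proto"].lower())


def parse_flow_log(text: str) -> List[Flow]:
    """Parse every non-empty line of a flow log."""
    return [parse_flow_line(ln) for ln in text.splitlines() if ln.strip()]


def conversation_key(flow: Flow) -> ConvKey:
    """Map A->B and B->A onto the same key by ordering the two endpoints."""
    src_ip, src_port, dst_ip, dst_port, proto = flow
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (a, b, proto) if a <= b else (b, a, proto)


def directions_seen(flows: Iterable[Flow]) -> Dict[ConvKey, Set[str]]:
    """For each conversation, record which of the two directions appeared."""
    seen: Dict[ConvKey, Set[str]] = defaultdict(set)
    for flow in flows:
        key = conversation_key(flow)
        src = (flow[0], flow[1])
        seen[key].add("a_to_b" if src == key[0] else "b_to_a")
    return dict(seen)


def find_one_sided_conversations(flows: Iterable[Flow]) -> Dict[ConvKey, Set[str]]:
    """Return only the conversations where a single direction was captured."""
    return {k: v for k, v in directions_seen(flows).items() if len(v) < 2}


def visibility_report(flows: Iterable[Flow]) -> Dict[str, int]:
    """Summarise how many conversations the capture saw fully vs. half."""
    seen = directions_seen(list(flows))
    one_sided = sum(1 for v in seen.values() if len(v) < 2)
    return {
        "conversations": len(seen),
        "bidirectional": len(seen) - one_sided,
        "one_sided": one_sided,
    }


if __name__ == "__main__":
    flows = parse_flow_log(SAMPLE_LOG)
    print(visibility_report(flows))
    for key, dirs in find_one_sided_conversations(flows).items():
        (ip_a, port_a), (ip_b, port_b), proto = key
        print(f"{proto} {ip_a}:{port_a} <-> {ip_b}:{port_b} only saw {sorted(dirs)}")
```

A high ratio of one-sided conversations on a segment that should carry full sessions points at the capture path (SPAN configuration, tap wiring, routing) rather than at the signature set, which is exactly the distinction the reply is trying to make before asking for a traffic sample.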
