02-17-2005 12:45 PM - edited 03-10-2019 01:17 AM
I have an Exchange server that is getting bombarded with MYDOOM.BB viruses. The server virus software is detecting these, but we would like to determine the source. However, my IDS 4215 which is monitoring that network segment is not alarming at all. I have it updated with the S145 updates that are supposed to detect MYDOOM.BB virus activity.
Any ideas as to what's going on?
- Dave
02-17-2005 02:36 PM
Is the sensor healthy? Is it generating any other alarms? What antivirus software are you using on the email server? What exactly is the antivirus software identifying the suspect attachments as? Do you have any file samples that you could provide? Please email me directly at mcerha@cisco.com if privacy is a concern. If you send a live virus sample, please put it in a password protected ZIP archive before sending.
02-17-2005 04:25 PM
The signatures in S145 detect the pif and zip file formats associated with the virus Trend Micro identifies as MyDoom.BB. Other virus vendors may label a different variant as MyDoom.BB. Also, can you confirm that the sensor is seeing both sides of the traffic to your sensor? Can you provide a traffic sample that we can use to research this?
Thanks,
Jason
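One way to check the condition Jason raises (whether the sensor actually sees both directions of each mail flow), as an added example that is not part of this thread. It assumes packet summaries exported from the sensor's monitoring interface; the sample below is constructed, and the mail server is assumed to listen on TCP 25.

```python
"""Report TCP flows for which the monitoring feed shows only one direction.

A signature that must inspect an attachment inside an SMTP session cannot fire
if the SPAN/tap feed carries only client-to-server (or only server-to-client)
packets. This script flags such one-sided flows so the feed can be fixed.
"""
from collections import defaultdict

# Constructed sample: (src_ip, src_port, dst_ip, dst_port, tcp_flags).
SAMPLE_PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.25", 25, "S"),    # flow 1: both directions seen
    ("10.0.0.25", 25, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.25", 25, "PA"),
    ("10.0.0.25", 25, "10.0.0.5", 40001, "PA"),
    ("10.0.0.7", 40002, "10.0.0.25", 25, "S"),    # flow 2: server replies never seen
    ("10.0.0.7", 40002, "10.0.0.25", 25, "PA"),
    ("10.0.0.7", 40002, "10.0.0.25", 25, "PA"),
]


def flow_key(pkt):
    """Direction-independent key: the two endpoints in sorted order."""
    src, sport, dst, dport, _flags = pkt
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def direction_counts(packets):
    """Map each flow to [packets from key[0], packets from key[1]]."""
    counts = defaultdict(lambda: [0, 0])
    for pkt in packets:
        key = flow_key(pkt)
        src = (pkt[0], pkt[1])
        counts[key][0 if src == key[0] else 1] += 1
    return counts


def one_sided_flows(packets, server_port=25):
    """Return flows involving server_port where only one direction was captured."""
    result = []
    for key, (fwd, rev) in direction_counts(packets).items():
        if server_port not in (key[0][1], key[1][1]):
            continue  # not a mail flow; ignore
        if fwd == 0 or rev == 0:
            result.append(key)
    return result


if __name__ == "__main__":
    for flow in one_sided_flows(SAMPLE_PACKETS):
        print("one-sided flow (check SPAN/tap configuration):", flow)
```

If this reports many flows while the mail server is busy, the sensor's monitoring port is most likely receiving traffic from only one side of the link.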