Hi All,
Currently I’m using demo versions of AVAST Server products and professional products - very impressed to date and will be purchasing a few licenses shortly…
In the past week, I have begun receiving many email notifications of the Mytob-CP virus being picked up in email on my SBS2003 server (below is a sample of the email that Avast is sending me).
While I’m very glad Avast is deleting these emails for me, I’m curious about how this virus is working… A couple of days ago, I began getting these messages maybe 10-20 minutes apart. Finally, I blocked the reported IP address on the server, and the virus notifications stopped. This morning, again I am receiving these emails about 20 mins apart and now from a different IP address.
After doing some research on this virus, and checking my systems, it would appear that my systems are not infected, but I’m not convinced this is true, probably through my lack of experience in this field.
I will block this new IP address as well, but, I am wondering, is it too coincidental that I get this twice in one week when I’ve never had this happen before? Could my server be infected with the virus even though scans report negative?
Appreciate anyone’s thoughts on this…
Kind Regards
Antony
Sample email received from Avast running on SBS 2003 server (I have replaced the domain names below with a dummy domain name, but the emails are always reporting my domain name but invalid users):
avast! Antivirus: Infected Mail Detected
avast! determined that your mail-server hit an infected message. Message details are bellow. Please note that mail-borne viruses can be very dangerous.
The message was automatically processed by avast! according to its configurable rules. You may want to check the server-side logs to verify that no error occurred.
Message details
From: “info@mydomain.net.au” (info@mydomain.net.au)
To: “peter@mydomain.net.au” (peter@mydomain.net.au)
Cc:
Bcc:
Resent-From:
Resent-To:
Subject: Notice of account limitation
Sent: 10/06/2005 9:13:31 AM
Message Type: Inbound
Mail Server: ourcom-server.OURCOM.NET.AU.LOCAL
Received From: 207.234.226.49
Infected Items: information.zip (Win32:Mytob-CP [Wrm]) [Deleted]
avast! Action: Discarded
Virus Database: 6/9/2005
If the avast! Action is discarded, the message was destroyed and will never be delivered. If it is moved to ‘badmail’, it was placed to the badmail directory on the server.
This message was automatically generated by avast! for SMTP2000.
avast! - copyright © 1988-2005 ALWIL Software.