PhreeZone 20 #1 October 6, 2005

Just a heads up to everyone out there to update your Anti-Virus files. Another version of the Sober virus is out and spreading. McAfee and Symantec both have it on their watches. It's a fairly simple email worm. As usual, do not open anything from someone you don't know, and even if you know them, scan it with the newest AV sigs before opening it.

Yesterday is history And tomorrow is a mystery Parachutemanuals.com

Gravitymaster 0 #2 October 6, 2005

> Just a heads up to everyone out there to update your Anti-Virus files. Another version of the Sober virus is out and spreading. McAfee and Symantec both have it on their watches. It's a fairly simple email worm. As usual, do not open anything from someone you don't know, and even if you know them, scan it with the newest AV sigs before opening it.

Thanks. I'm still getting the bagle.MM virus. McAfee seems to be catching it now, though. Caught it 3 more times this week.

cameramonkey 0 #3 October 7, 2005

Or Sober.q, depending on whose virus defs you use... We are getting hammered here at my office. I finally had to block ALL potentially dangerous attachments because my users wouldn't listen...

Me: "Don't open any unexpected attachments."
Them: "Hey, come here, I got this attachment I didn't ask for and when I open it, nothing happens.... but my system is REALLY slow now."

Let's see, 3 of us, 500 of them... doesn't seem fair now, does it?

For some reason we have been getting these bad boys "zero day". To even come CLOSE to catching them, I have to download the super-secret-squirrel pre-release of the defs from Symantec because we are getting them the same day that they build the defs for it. (It takes up to 48 hours to get into production if we use regular definitions.)

I wanna string these bastards up by their thumbs and have some fun with a blowtorch. (Both the virus writers and my users that won't listen.)

Two wrongs don't make a right, however three lefts DO!

hookitt 1 #4 October 7, 2005

If you're using Symantec Enterprise, the antivirus server can be set up to do an automatic FTP download of the daily releases and force the clients to be updated as well. If it's not set up that way, you get to wait till Wednesday like everyone else. Search out cegetter.bat on the Symantec site and it will give clear instructions on how to do this.

Edit: Here are the instructions

My grammar sometimes resembles that of magnetic refrigerator poetry... Ghetto

PhreeZone 20 #5 October 7, 2005

Well, I have a solution for you, but it involves dumping Symantec.

Something most people overlook is to place the mail gateway at a point that it updates about every 10 minutes. Keeps you protected slightly better at the gateway level. Strip the stuff there before it spreads.

Could be like me.. 1 of me, 100,000 nodes to protect. I'll take your 3:500 odds any day.

Yesterday is history And tomorrow is a mystery Parachutemanuals.com

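Added example, not part of the original thread or any poster's setup: a minimal sketch of the gateway-level attachment stripping discussed in the posts above (blocking "potentially dangerous attachments" before mail reaches users). It goes slightly beyond the thread by also looking inside zip files; the extension blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; adjust to local policy.
BLOCKED = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".cpl", ".lnk")

def name_blocked(filename):
    """Judge by the final extension, so 'photo.jpg.exe' is caught."""
    return filename.strip().rstrip(". ").lower().endswith(BLOCKED)

def zip_blocked(data):
    """Block zips that hold a blocked member, are encrypted, or are unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name_blocked(i.filename) or i.flag_bits & 0x1
                       for i in zf.infolist())
    except zipfile.BadZipFile:
        return True  # fail closed: the gateway cannot inspect it

def strip_attachments(raw):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.walk()):
        name = part.get_filename()
        if not name or part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if name_blocked(name) or (name.lower().endswith(".zip") and zip_blocked(data)):
            removed.append(name)
            # Replace the payload with a notice so the recipient sees what was dropped.
            part.set_content(f"[attachment removed by gateway policy: {name}]")
    return msg.as_bytes(), removed

def build_sample():
    """Constructed test message: one benign and two blocked attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.pif", b"constructed placeholder")
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="photo.jpg.exe")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="docs.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(strip_attachments(build_sample())[1])
```

Filtering on file type rather than on signatures does not depend on definition updates, which is why it still helps during the window before new defs arrive.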
hookitt 1 #6 October 7, 2005

The mail gateway at the place I USED to work at was set up quite well. Symantec was the corporate-wide antivirus solution. It worked fine there, Phree.

Besides, it wasn't my decision, but it was my responsibility.

I haven't used the McAfee enterprise product. I'm sure it does a fine job :)

My grammar sometimes resembles that of magnetic refrigerator poetry... Ghetto

Loonix 0 #7 October 8, 2005

Sober sounds like a really evil virus.

Anyway, viruses have to be installed these days. So users, please stop installing viruses! (Yes, 98% of the time it's that simple.)

cameramonkey 0 #8 October 8, 2005

No, we are already set up with daily updates via FTP. The problem is we are getting the viruses "zero day". Here is what happens...

We get the virus, say, on the 6th, within 24 hours of it being released. Symantec also gets the submissions on the 6th and creates a signature, which goes into development and is available via a hidden "rapidrelease" FTP site while it is being tested for stability and being added to throughout the day. Sometime overnight the defs labeled 10/6 rev xx are released into the general FTP server and are available on the 7th. So it's already a day late and a dollar short for companies like mine.

Problem is, we are already getting hammered, and by the time it disseminates through our update servers, our stupid users have already hosed us. And we have 4 layers:

- One on our firewall to stop it as the data stream is inspected (SonicWall).
- One on our Barracuda Anti Spam Gateway.
- One on our mail server itself (clam, hourly updates).
- The file servers and workstations (Symantec).

Lately the virus has been getting past our servers overnight, then gets caught by the updates and jams up Outlook as it tries unsuccessfully to download the virus file that next AM (and the firewall kills the connection to keep it from transferring).

Two wrongs don't make a right, however three lefts DO!

mnealtx 0 #9 October 8, 2005

Luckily, I've not been hit...

But on the humorous side, you'd THINK skydivers would be pretty much immune to anything REMOTELY resembling "sober"...

Mike
I love you, Shannon and Jim. POPS 9708, SCR 14706