SoBig.F. Please read.

**chut** · 08-22-2003, 11:59 AM

Actually, that's all we use. And getting people off of Express was a real pain in the ***.

Originally Posted by hijinks21

chut yes.. thats why you never use Outlook

**wizardPC** · 08-22-2003, 12:07 PM

okay, the way the SoBig-F variant works is this:

1. User opens attachment
2. SoBig accesses address book
3. Sobig picks a name at random from address book
4. SoBig emails everyone else in your address book and spoofs the random person's email.

If users got an email seemingly from you that had the virus, it wasnt you.

**hijinks21** · 08-22-2003, 12:54 PM

In outlook you don't even need to open the attachement. In un-patched versions they can just write some js code to auto exc the virus. Thats why I banned users from using outlook for the company i worked for.

**Skraggy_uk** · 08-22-2003, 01:00 PM

OK. I don't know if I'm patched at Outlook/OS level.
But I have all the latest updates to F-Prot AV.

I'm not infected according to F-Prot.
My Mail server (on the same Lan) also uses F-Prot both as an OS Anti Virus, and as part of the Mailserver as an internal AV extension.

My machine scans fine. the mailserver machine scans fine.
The Mailer Daemon and its AV subsystem is picking up bucket loads of SoBig attachments and rendering them harmless/deleting them. So I pretty much have to be clean. You would hope.

**hijinks21** · 08-22-2003, 01:14 PM

Skraggy_uk, one would hope

**chut** · 08-22-2003, 01:37 PM

If you ban outlook, what do your users use?

**hijinks21** · 08-22-2003, 01:44 PM

chut, we are mostly a linux shop here. But there are a ton of alernitives. A lot of the people here use webmail or mozilla's mail program, also eudora.

If you have an exchange server then I can understand using outlook.. but i'd make sure all patches are updated.

**Skraggy_uk** · 08-22-2003, 03:38 PM

Thread: SoBig.F. Please read.

LinkBack

Thread Tools

Search Thread

Display

Bookmarks

Bookmarks

Posting Permissions