MYTOB questions

Hey guys,

I had a gentleman who runs an offsite software application that my company uses on a daily basis. He called me today and said that his Linux e-mail server had been getting suspicious hits for two days that link back to my domain's IP address. He said they found out that it was the Mytob worm trying to get access. I have a PIX and have Symantec Mail Security 4.6 running on my Exchange. How can I keep it from coming in and out? The Mail Security does a pretty good job of scanning and killing most if not all viruses coming through, so I'm having a hard time understanding this. What can I do to block this so others don't start calling me telling me to do something about it?

Thanks

joshob

What exactly is he measuring?

Yours, VB.

Volker Birk

  1. The "from" address is spoofed by this virus, is he sure it's coming from your IP address? He might be right, if he's looking at the actual transaction logs from his server and sees the source IP of the connections. (or the right fields in the header)
  2. That virus uses its own SMTP engine, and therefore will not use your Exchange server or the Symantec Mail Security program that runs there. Your PIX is the last line of defense if your desktop AV software has let you down. Does it (the PIX) know how to look in outbound SMTP email and scan it for viruses? If not, it's very possible that your PC is indeed sending this stuff out. Some versions of Mytob apparently do other sorts of connects (SQL, network shares, half a dozen other various vulnerabilities) that again won't go through your mail security program, and will fall upon your PIX to block.

-Russ.

Somebody.

Russ,

Thanks for the comment; that's what I figured, given that Mytob can make a host its own SMTP server. What's the best way to configure my PIX so that my Exchange can flow properly but block malicious SMTP traffic? Any suggestions are greatly appreciated.

joshob
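Added example (not from any poster in this thread): an egress ACL of the kind Russ is describing, written in PIX 6.3 access-list syntax. The idea is that only the Exchange server has any business opening outbound TCP/25 to the Internet; a workstation that does so is running its own SMTP engine, which is exactly what Mytob does. The ACL name `inside_out`, the Exchange inside address `192.168.1.10`, and the interface name `inside` are assumptions for the example and must be replaced with your own values.

```cisco
! Assumed: PIX 6.3, Exchange at 192.168.1.10 on the "inside" interface.
! Applied "in" on the inside interface, so it filters traffic leaving the LAN.

! Only the Exchange server may originate SMTP to anywhere.
access-list inside_out remark Exchange is the only legitimate outbound SMTP source
access-list inside_out permit tcp host 192.168.1.10 any eq smtp

! Every other inside host trying to talk SMTP directly is a worm (or a
! misconfiguration). Drop it and log it so the syslog shows which PC is infected.
access-list inside_out remark Direct-to-Internet SMTP from workstations = Mytob-style SMTP engine
access-list inside_out deny tcp any any eq smtp log

! An applied ACL ends in an implicit deny, so re-permit the rest of your
! normal outbound traffic (tighten this line further if your policy allows).
access-list inside_out permit ip any any

access-group inside_out in interface inside
```

Inbound mail to Exchange is unaffected, since that is handled by the existing static/access-list pair on the outside interface. Once this is in place, watch the PIX syslog for the deny hits on the `inside_out` list: the source address in those messages is the machine to pull off the network and clean, which answers the original question of why a mail scanner on Exchange never saw the traffic.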

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.