February 3rd, 2004, 10:04 PM
Ask your email admin to turn off the auto responder for Norton. This virus spoofs the sender so the auto responder is not effective. You end up sending messages to people that are probably not infected, causing more confusion and more traffic.
February 4th, 2004, 12:13 AM
Yeah, I am assuming you're spoofed. One of the things the virus does is use the email addresses stored on the computer, so it probably just used your email address at another computer and sent an email back to you. And the snort rules are designed only to see incoming traffic on port 25 if you copied them directly, so it's not like you're sending anything out.
Originally posted here by Tanker135
I've created a rules file with your posting and am taking hits from outside my firewall. It would appear that some novarg virus traffic is originating from our mail server, however my mail administrator claims it could not happen, as he's installed Norton's protection software. He does claim that Norton automatically responds to senders of novarg that they're infected. Could the automatic response be the cause of the hits I'm seeing coming from the inside of my network?
Oh, I didn't get much feedback at all on my rules, so I am just curious if anything got past them. I haven't gotten much of the mutated versions, but so far it's detected every Novarg and every variation. I would like to know if any got by you, and if they did, could you possibly email me what did.
That which does not kill me makes me stronger -- Friedrich Nietzsche