KLEZ VIRUS BYPASSING OUR PROTECTION


wnterhawk

MIS
Nov 13, 2001
57
US
We are using McAfee on all of our servers as well as on all of our workstations. That's about 45 Compaq servers and 2000 Dell workstations. We keep our internet network separate from the "company intranet". However, one of our associates recently was sent a letter announcing the "KLEZ" virus. It had an attachment on it and he was suspicious, so he sent it to my boss ... the Vice President in charge of IT. He in turn called me in to look at it. When he tried to d/l the attachment to a diskette, it wouldn't copy ... we tried more than one diskette. Finally he simply emailed it to me and I checked it on my computer. When he was trying to d/l it, McAfee did nothing to warn us of the virus. However, when I tried to "save" the attachment to my computer from his email, McAfee immediately sounded the alarm ... KLEZ VIRUS ... and wouldn't allow me to continue. We both are using the latest dat files (at the time it was 4196) on the 4.5 engine. And our email server has the same.

My question is: how is it that McAfee didn't catch the virus and stop it? We capture ALL such files separately. But this one got through and was not detected until I tried to d/l it to my PC. Is there something else we can do to protect our systems ... that possibly we are overlooking at this time?

Also, is there something the maker is doing to the virus file that didn't allow it to be copied to the diskette, that might have somehow caused McAfee not to see it?

Thanks for any and all help (as always)

Len Lambert (wnterhawk)
 
It may sound strange, but did you install GroupShield? If not, it will pass through your email server. Since you only mentioned protecting your servers, I'm assuming NetShield. NS does not check for email attachments (which I think you already know). Now, as for the virus only being detected when you tried to save the attachment, it just means that the program was not configured to run the Email Scan option. This option works with Outlook (not Outlook Express). Since I don't know what mail system you use (Exchange? Notes? something else?), I'm just trying to make an educated guess.

Did I hit something? :)

AVChap
 
This sounds about right, AVCHAP. Also, there are some strains of this virus that, up until the dats came out just today, would not be able to be fully cleaned, even though they can be detected with earlier dats. It is also possible that the first-mentioned system has a different scan engine than the second-mentioned system.

js error; 67 on line; 36 of signature.class
 