
This saved us with the MyDoom virus

Status
Not open for further replies.

dpflkr

IS-IT--Management
Nov 12, 2003
15
US
I found this to be a great help and thought I'd share it.

I had set up our Exchange 2000 server to send copies of NDRs to my email address. Early Tuesday morning when I came in to work and checked my mail, I had several undeliverable emails because of bad email addresses. By looking at the subject lines, I was suspicious that a new virus may have come out, so I checked Symantec's website and found out that a new virus was indeed out.

Because of the early warning sign I got with the NDR emails, I was able to force our server to update the virus protection earlier than we have it scheduled and was able to get all of our 200 PCs protected before we started getting the virus in to valid emails around noon. Without the early tip-off, there is no way I would've been able to get everything updated before users started clicking on attachments!

I have also found the NDR emails helpful in troubleshooting non-delivery problems to other servers and getting them corrected before the user is aware of any issues.

I hope this is useful to you as well!!
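
Added example, not part of the original thread: one way to automate the early-warning check described in the post above, flagging any hour in which NDR copies jump well above the recent baseline and listing the subjects that repeat. The `Undeliverable:` subject prefix, the thresholds, the function names and the sample messages are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

PREFIX = "undeliverable:"  # assumed subject prefix on the NDR copies

def normalize(subject):
    """Lower-case the subject and drop the NDR prefix so repeats group together."""
    s = subject.strip().lower()
    return s[len(PREFIX):].strip() if s.startswith(PREFIX) else s

def ndr_spikes(ndrs, factor=3.0, min_count=5, history=24):
    """ndrs: iterable of (datetime, subject) for NDR copies in the admin mailbox.
    Returns [(hour, count, baseline, top_subjects)] for each hour whose count is
    at least min_count and more than factor times the median of earlier hours."""
    by_hour, subjects = Counter(), {}
    for ts, subject in ndrs:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        by_hour[hour] += 1
        subjects.setdefault(hour, Counter())[normalize(subject)] += 1
    if not by_hour:
        return []
    alerts, seen = [], []            # seen: counts of earlier hours, zeros included
    hour, last = min(by_hour), max(by_hour)
    while hour <= last:
        count = by_hour.get(hour, 0)
        baseline = median(seen[-history:]) if seen else 0
        if seen and count >= min_count and count > factor * max(baseline, 1):
            alerts.append((hour, count, baseline, subjects[hour].most_common(3)))
        seen.append(count)
        hour += timedelta(hours=1)
    return alerts

def sample_ndrs():
    """Constructed data: a quiet night, then a burst of NDRs with repeated subjects."""
    day = datetime(2004, 1, 27)
    quiet = [(day.replace(hour=h, minute=10), "Undeliverable: Q4 budget")
             for h in (0, 2, 3, 5)]
    burst = [(day.replace(hour=6, minute=m), "Undeliverable: " + s)
             for m, s in enumerate(["hi", "test", "hi", "hello", "hi", "test", "hi", "status"])]
    return quiet + burst

if __name__ == "__main__":
    for hour, count, baseline, top in ndr_spikes(sample_ndrs()):
        print(f"{hour:%Y-%m-%d %H:00} NDRs={count} baseline={baseline} top={top}")
```

The median baseline counts empty hours as zero, so a normally quiet mailbox alerts on a modest burst while a busy one needs a proportionally larger jump.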
 
That may be helpful indeed, but... an AntiVirus App. should ALWAYS be up-to-date (to be checked twice a day), not just when you get suspicious!

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
 
We do. Our server is set up to automatically check for virus updates. It had already done the first check before the updated definitions were released, and had not yet done its second scheduled check when I read about the virus and forced the update earlier than scheduled.
 
That is what I meant with Checking, I did mean manually.
I have never trusted the automated updates, they are set and work, but when the site is temp. down or overloaded, some packages wait 1 DAY before retry and that is too high a risk.
It takes 2 seconds to click on the check, but can save you hours of work. It saved me several times already!
 
Oh, I see what you mean. I have our virus protection set up to recheck for definition updates within 8 hours of a missed event, and I also have randomization checks set up to randomly check for updates as well.
 
There is nothing wrong with how you do it of course, but you may have noticed the last 3 days that more updates came in than usual, some within 2 hours after the previous.
I had them, because I am so overly concerned with viruses, the auto-update did not.
 
Check out Trend Micro ScanMail.
Gives you the option to update your filter "hourly".
Best there is...

Greets,
Maik
 
Anyone who uses Symantec antivirus server on their network, here is a script you can run to update via ftp. Symantec's liveupdate doesn't update nearly as quickly as it should.

Batch file:

ftp -s:cescript.txt
call "c:\sav-ftp\navup8.exe"
move c:\sav-ftp\*.xdb C:\Progra~1\SAV
del /q c:\sav-ftp\navup8.exe

cescript.txt:

open ftp.symantec.com
anonymous
nobody@spammer.com
cd public/english_us_canada/antivirus_definitions/norton_antivirus/static
lcd C:\sav-ftp
bin
hash
prompt
get navup8.exe
quit



I run this hourly.
 