Virus W32.Klez.H@mm was found

[tmbjl]

I am running Exchange 5.5 sp4 on a windows NT 4.0 server. We have current versions of Nortan Antivirus for Exchange all Virus Def are current. I am recieving a message from Nortan about every 10 min regarding different users saying Virus W32.Klez.H@mm was found. The attachment is being deleted and is found however, these messages are going out to users outside of our company and even though the virus seems to be spoofing and not acctually being sent I need to stop the message. Is anyone experiencing the same issue?
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!1

 

[brontosaurus]

If you just want to stop the auto-generated message, I believe that Norton provides a switch for that in their config GUI under Global Options....

 

[tmbjl]

I need to acctually stop the virus and I am not sure how to do this. Someone on the Network has to have it because they are the source of the spoofing. Do you have anymore suggestions. Thanks in advance.

 

[brontosaurus]

Those NDR's should state who the originator is. Once you've got that, you'll need to take the affected machines off the network and clean them manually...

 

[Chaupa]

Can you try initiating a network scan on your clients?

 

[badbuda]

You need to download and run the fix for the Klez virus. Go to Symantec's Web site (

http://www.symantec.com)

and then click on downloads and then Virus Removal Tools. Download the W32.Klez tool and then run on all infected machines! Good Luck!

 

[tmbjl]

Our server is setup to scan all messages before they are sent to the users and no one is showing up with the virus. Even though the NAV report gives a name of the sender from what Symantec says about this virus they are not the correct machine. This virus inserts a name for the sender who is not acctually sending the virus. Please help!!!!

 

[Hungster]

do yourself a favour, get rid off the symantec and get TrendMicro's ScanMail

i had the same problem mail incoming and ScanMail had Saved my A**
i use Server Protect to protect the PDC and Exchange box and use ScanMail on my Exchange box, turn the Server Protect to exclude the Incoming mail box and let ScanMail does it's job, then you will be happy ever after that

 

[JSAinc]

We had the same problem, here's what we did: Open each message declared "Undeliverable:|VIRUS SUBJECT LINE|" by the System Administrator with Notepad. Search the text to discover the "spoofed" sender AND the recipient. (Odds are niether are in your address book) Enter these addresses in Internet Mail Services|Connections|Message Filtering. You may also want to enter your company's own domain here as well, because the infected machine outside your office must contain an email address of someone inside your office. As you continue to "block" delivery of suspect incoming addresses, take note of which domains are most common and you may be able to indentify where the worm is coming from. If so, call the source you suspect and see if the addresses you've collected match the entries in their address book.