RE: WORM_MIMAIL.A Anyone have any info on what this does yet?
- To: <[EMAIL PROTECTED]>
- Subject: RE: WORM_MIMAIL.A Anyone have any info on what this does yet?
- From: "Jerry Shenk" <[EMAIL PROTECTED]>
- Date: Mon, 4 Aug 2003 13:25:51 -0400
- In-reply-to: <[EMAIL PROTECTED]>
Maybe the virus programmer made a mistake; perhaps it was intentional.
I knew of one installation that (mistakenly) believed that they
shouldn't run virus scanning on their secondary MX so that if the
primary MX gets bogged down or crashes, mail can still get through.
Perhaps there are more installations set up like that than I'd
expected.
-----Original Message-----
From: Alex 'CAVE' Cernat [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 11:57 AM
To: [EMAIL PROTECTED]
Subject: Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
On Mon, 4 Aug 2003 09:53:53 -0400
"att13543" <[EMAIL PROTECTED]> wrote:
> I'd be interested if anyone can correlate what I've seen: we have 2
> MX records, one weighted at 10 (primary) and one at 20 (secondary).
> Of the 200 or so MiMails we've seen, 100% have come through our
> SECONDARY mail server. Maybe the SMTP engine was written poorly, or
> maybe it was this way on purpose?
If the virus sends e-mails through the local SMTP connection, it's a DNS
problem;
but if the virus connects directly to the 'backup' SMTP server, then,
lamerish, the virus programmer probably believed that a bigger value
associated with an MX means 'preferred server', which is the exact
opposite of the RFC or any documentation available :-)
Alex
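
Added example, not part of the original thread: a Python sketch of the two checks the messages above suggest to a mail administrator, namely that every MX host scans mail and that clients which skip the lowest-preference (primary) MX stand out in the logs. The host names, IP addresses, scanning flags and session list are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample data (not from the thread): two MX hosts with their
# preference values and whether virus scanning is enabled on each.
MX_HOSTS = {
    "mx1.example.org": {"preference": 10, "scanning": True},
    "mx2.example.org": {"preference": 20, "scanning": False},
}
# Constructed inbound SMTP sessions: (receiving MX, connecting client IP).
SESSIONS = [
    ("mx1.example.org", "192.0.2.10"), ("mx1.example.org", "192.0.2.11"),
    ("mx2.example.org", "198.51.100.7"), ("mx2.example.org", "198.51.100.7"),
    ("mx2.example.org", "198.51.100.9"), ("mx1.example.org", "192.0.2.10"),
    ("mx2.example.org", "192.0.2.11"),
]

def primary_hosts(mx_hosts):
    """Hosts with the lowest preference value, i.e. the ones tried first."""
    best = min(cfg["preference"] for cfg in mx_hosts.values())
    return {h for h, cfg in mx_hosts.items() if cfg["preference"] == best}

def unscanned_hosts(mx_hosts):
    """Every MX accepts mail for the domain, so each one needs scanning."""
    return sorted(h for h, cfg in mx_hosts.items() if not cfg["scanning"])

def backup_only_clients(mx_hosts, sessions):
    """Clients that were never seen on a primary MX, only on a backup."""
    primaries = primary_hosts(mx_hosts)
    seen = defaultdict(set)
    for host, client in sessions:
        seen[client].add(host)
    return sorted(c for c, hosts in seen.items() if not hosts & primaries)

def sessions_per_host(sessions):
    """Session count per receiving MX, to spot a skew toward the backup."""
    return dict(Counter(host for host, _ in sessions))

if __name__ == "__main__":
    print("primary:", sorted(primary_hosts(MX_HOSTS)))
    print("no scanning:", unscanned_hosts(MX_HOSTS))
    print("backup-only clients:", backup_only_clients(MX_HOSTS, SESSIONS))
    print("sessions per MX:", sessions_per_host(SESSIONS))
```

A client seen only on the backup MX is an indicator to review rather than proof of abuse, since a conforming sender also falls back to the backup when the primary is unreachable.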