[Esa-l]097M.Tristate.Variant in a -.PPT leaked through
Karl Dunn
Karl.Dunn at vmic.com
Wed May 23 11:42:51 PDT 2001
Our Norton scanner running on our internal Exchange server caught and
fixed a virus that John's scanner didn't trigger on. (His scanner runs on
a SunOS 4.1.3_U1 SPARC IPX box before mail gets to the Exchange server).
- - - - -
Norton AntiVirus found the "O97M.Tristate.Variant" virus in the attachment
"SMTA Presentation.ppt".
The file was Repaired.
Sender of the infected attachment: FrTurner at aol.com
Recipient of the infected attachment: Jim Nunns\Inbox
Subject of the message: Re: SMTA Presentation
- - - - -
John's filter's log:
- - - - -
Defanging active HTML content in "Re: SMTA Presentation" from FrTurner at aol.com to Jim.Nunns at vmic.com msgid=<7f.14be267c.283d558f at aol.com>
Sanitizing MIME attachment headers in "Re: SMTA Presentation" from FrTurner at aol.com to Jim.Nunns at vmic.com msgid=<7f.14be267c.283d558f at aol.c
om>
Scanning "SMTA Presentation.ppt".
- - - - -
We don't MANGLE_EXTENSIONS the PPT, and it's not in the poison list, but
usually a virus triggers the macro scorer and a warning message gets
attached following the offending attachment. Why not this time?
See:
http://www.symantec.com/avcenter/venc/data/o97m.tristate.html
Karl Dunn (KLD13)
VMIC
12090 South Memorial Parkway
Huntsville AL USA 35803
VOICE: (256) 382-8211 or (800) 322-3616
FAX: (256) 650-5472 or (256) 882-0859
More information about the esd-l
mailing list