Novell is now a part of Micro Focus

EMAIL Viruses attack Computers Worldwide over Thanksgiving Holiday

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 29 Nov 2005

Last week during the US Thanksgiving Holiday, a flurry of fast moving viruses attacked computers worldwide. One of these viruses was a variant on the aggressive Sober virus. The virus was ranked a high threat by many Anti-Virus vendors and moved rapidly across the Internet. After the first hour of the attack only approximately 50% of Anti-Virus vendors had released security updates to protect their customers from the virus variants. Due to the intensity of the attack it is highly possible that variants of the virus penetrated your Anti-Virus protection before the security updates could be installed.

GWAVA strongly recommends updating your anti-virus signature files and then run a virus scan against your GroupWise post offices to determine if your system has been compromised. Because of the speed of the attack, it is possible that copies of the virus are now embedded into your GroupWise message store databases.

GWAVA Post Office Sweep allows you to sweep the GroupWise Post Office and scan for the viruses to determine if your system is clean. If the virus is detected, GWAVA is able to remove the virus using your current Anti-Virus solution. Here is McAfee's assessment of the virus.

Here are the instructions for executing a AV Sweep against your GroupWise post office:

  1. Enable GWAVA's Virus Scanning function. Use the included Kaspersky AV engine, or follow to configure your existing AV software to work with GWAVA.
  2. In the GWAVA Configuration Program -> Miscellaneous -> Decompression Engine menu, make sure that "Enable Decompression Engine" and "Also Scan Archive Shell" are selected.
  3. In the GWAVA Configuration Program -> Post Office Scanning menu, confirm that "Enable scheduled post office scanning" is enabled and that Post Office Scanning is configured and working. If it is not, click on "Add", and in the "Add a Post Office" window, provide the IP address and IMAP port (enable IMAP on the Post Office in ConsoleOne) of the PO.
  4. Save all changes.
  5. Unload the MTA.
  6. Execute NOGWAVA.NCF at the server prompt.
  7. Reload the MTA.

These instructions allow you to begin scanning your GroupWise post offices for dormant or lurking viruses that have attached themselves to email messages within your GroupWise system.

More information can be found at and you can download an evaluation version of GWAVA

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates