Looking at the Mcafee AccessProtectionLog I noticed that behaviour only 26 times starting from 06/06/2009. Too few tries for a malware/virus, isn't it?
Could it be a port used fortuitously by named in his random port use? Ciao. Stefano. -----Messaggio originale----- Da: bind-users-bounces+stefano.chiesa=wki...@lists.isc.org [mailto:bind-users-bounces+stefano.chiesa=wki...@lists.isc.org] Per conto di Chiesa Stefano Inviato: venerdì 9 luglio 2010 15.09 A: bind-users@lists.isc.org Oggetto: R: Does bind send email? A couple of details: * bind is working fine and on the server the Task Manager shows just one named.exe process ("show processes from all users" checked) * I don't' think McAfee is triggering on MX lookups because he's blocking connection on port 25 (look at the end of log line: 187.58.17.194:25) 08/06/2010 23.31.19 1094 C:\bind\bin\named.exe Protezione antivirus standard:Impedisci a worm distribuiti tramite mass-mailing di inviare messaggi 187.58.17.194:25 Regards. Stefano. -----Messaggio originale----- Da: bind-users-bounces+stefano.chiesa=wki...@lists.isc.org [mailto:bind-users-bounces+stefano.chiesa=wki...@lists.isc.org] Per conto di Phil Mayers Inviato: venerdì 9 luglio 2010 14.23 A: bind-users@lists.isc.org Oggetto: Re: Does bind send email? On 09/07/10 12:18, tomasz dereszynski wrote: > > check below link > apparently viruses (some) hide themselves behind that name/process. > http://www.file.net/process/named.exe.html > > mind you, it might be something else ... > Maybe McAfee is triggering on MX lookups? _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
