derek, gwen, justin & sara tom in hong kong
July 18, 2002
Another Troublesome Worm

Spent much of the day battling an apparent new worm that infected a PC in our Malaysia office. The worm repeatedly (over 22 times!) sent a 6.8MB MPEG attachment to 2 group email addresses. Of course, this very quickly filled up the server's hard disk! Before I had realized what was happening, I'd free up like 200MB of space on the server and then, like 5 minutes later, the hard disk would be full again! I used Timbuktu to remote control the Malaysia server from Hong Kong for the troubleshooting. Initially I could do nothing because, for some odd reason, our firewall in Malaysia was dropping packets for the ports that Timbuktu uses (407 and 1417-1420, TCP and UDP), even though we had previously configured Timbuktu communication to pass through and it was working. With the help of our part-time IT guy there, Chris Chow, we eventually got it working again (had to remove the rule, remove the service, add the predefined service again, and add the rule again). Tomorrow we have to figure out what kind of worm it is and then clean it out of the infected system (if it is in fact a worm). The worm is sending via Outlook Express 4.72.3110.5 (as shown in the headers) and through our local mail server, so it does not appear to have its own SMTP engine. The Outlook Express Sent Items folder does not contain any copies of the big message, though.

Posted by derek at July 18, 2002 11:29 PM
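One way to spot the pattern described in the entry from a mail spool, as an added example (this is not part of the original post and not how the author found the problem): each message is parsed with Python's email module, repeated sends of the same large attachment to a group alias are counted, the X-Mailer header is recorded, and the Received lines are checked for the local relay, which is the evidence behind the "no SMTP engine of its own" inference. The alias names, relay hostname, size threshold and all message contents below are constructed assumptions, not values from the post.

```python
"""Triage helper for an attachment storm: flag a sender that keeps mailing the
same large attachment to group aliases. Added example; all data is constructed."""
import email
from email import policy
from email.message import EmailMessage
from collections import defaultdict

# Assumed values for the example; the post names neither the aliases nor a threshold.
GROUP_ALIASES = {"all-kl@example.com", "all-hk@example.com"}
LARGE_BYTES = 100_000            # scaled down from the 6.8MB in the post to keep the demo small
MIN_REPEATS = 3                  # repeats of the same attachment before we flag the sender
LOCAL_RELAY = "mail-kl.example.com"   # assumed hostname of the office mail server


def build_message(sender, recipients, mailer, filename, size):
    """Construct a test message with one binary attachment (demo data only)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "Fw: clip"
    msg["X-Mailer"] = mailer
    # A Received line naming the local relay, as the post saw in the real headers.
    msg["Received"] = f"from pc-kl.example.com by {LOCAL_RELAY} with SMTP"
    msg.set_content("see attached")
    msg.add_attachment(b"\x00" * size, maintype="video", subtype="mpeg",
                       filename=filename)
    return msg.as_bytes()


def sample_messages():
    """Constructed mailbox: one PC sends the same big MPEG to both aliases four
    times, plus ordinary traffic that must not be flagged."""
    raw = []
    for _ in range(4):
        raw.append(build_message("worm-pc@example.com", sorted(GROUP_ALIASES),
                                 "Microsoft Outlook Express 4.72.3110.5",
                                 "clip.mpg", 150_000))
    # One big attachment to a single person: large, but not to a group alias.
    raw.append(build_message("alice@example.com", ["bob@example.com"],
                             "Microsoft Outlook Express 4.72.3110.5",
                             "report.pdf", 150_000))
    # A small attachment to a group alias: to a group, but not large.
    raw.append(build_message("carol@example.com", ["all-hk@example.com"],
                             "Mozilla 4.7", "memo.txt", 2_000))
    return raw


def attachment_sizes(msg):
    """Yield (filename, decoded size in bytes) for every attachment part."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        yield part.get_filename() or "(unnamed)", len(payload)


def via_local_relay(msg, relay=LOCAL_RELAY):
    """True if any Received header shows the message passed through the local relay."""
    return any(relay in received for received in msg.get_all("Received", []))


def find_attachment_storms(raw_messages):
    """Return {(sender, filename): info} for large attachments that the same sender
    mailed to a group alias at least MIN_REPEATS times."""
    seen = defaultdict(lambda: {"count": 0, "bytes": 0, "mailers": set(), "relayed": 0})
    for raw in raw_messages:
        msg = email.message_from_bytes(raw, policy=policy.default)
        sender = msg.get("From", "").strip().lower()
        recipients = {addr.strip().lower() for addr in msg.get("To", "").split(",")}
        if not recipients & GROUP_ALIASES:
            continue
        for filename, size in attachment_sizes(msg):
            if size < LARGE_BYTES:
                continue
            info = seen[(sender, filename)]
            info["count"] += 1
            info["bytes"] += size
            info["mailers"].add(msg.get("X-Mailer", "unknown"))
            info["relayed"] += via_local_relay(msg)
    return {key: info for key, info in seen.items() if info["count"] >= MIN_REPEATS}


if __name__ == "__main__":
    for (sender, fname), info in find_attachment_storms(sample_messages()).items():
        print(f"{sender} sent {fname} {info['count']}x ({info['bytes'] / 1e6:.1f} MB) "
              f"via {', '.join(info['mailers'])}; "
              f"relayed through {LOCAL_RELAY}: {info['relayed']}/{info['count']}")
```

Against a real spool you would feed `find_attachment_storms` the raw messages from the server's queue or the group mailbox instead of `sample_messages()`; the `relayed` count is what distinguishes a client-side mailer going through the office relay from malware with its own SMTP engine, which would normally show a Received chain that starts at the infected host and skips the relay.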