Now at 5829 , still counting. madmac ----- Original Message ----- From: test To: qmailtoaster-list@qmailtoaster.com Sent: Thursday, April 08, 2010 1:05 PM Subject: [qmailtoaster] spam
I received reports today that my qmail server was spaamming, and trying to get into others ssh ports. Many complaints and emails from ab...@otherdomain.com ( eg ) Loggin in to the box , mostly unresonsive, sen a whole bunch of entries that looked dodgy eg: ./brk *** could not kill the process, so did a reboot. stopped qmail, stopped named, stopped mysql etc. created a " catch " directory mkdir -p /var/clamav/unwanted cd /var chown -R clamav:clamav clamav/ Then decided to manually run a complete clamav system scan ( after getting freshclam update ) cd / /usr/bin/clamscan -r -i --move=/var/log/clamav/unwanted/ -l /var/log/clamav/clamscan.log Currently found 2270 infected files , mostly users email with : Sanesecurity.Junk.27236.UNOFFICIAL FOUND ( the 27236 numbers vary ) And still scanning. So my question would be , why, is the server not stopping this when it come in to the email? What should I check in the configs. Thanks all madmac