On 11/04/2013 01:27 PM, Nicholas Chua wrote:
> Hi,
>
> I am receiving an average of 13 new viruses each day. Due to these viruses,
> email accounts passwords are stolen and caused massive spams from the
> server. Valuable time is wasted to delist our IP and to maintain a
> private list of a virus database which till date 100+ viruses are still
> not detected by clamav.
>
> This server is housing about 600 users. We were not experience this
> issue since 4 months ago. Anyone out there would like to share your
> experience fighting virus?
>
> Thanks
> nic

Something doesn't feel right about this to me.

Dan and Brent are quite capable and experienced with this sort of thing, and they've made good suggestions. However, I think Dan is wrong about his item #1. TTBOMK, QMT by default scans all messages for viruses, even ones which are submitted with authentication.

I am very surprised that you have a list of 100+ viruses that clamav has failed to detect. If indeed your QMT host is passing along that number of viruses, I would expect that clamav scanning isn't happening as it should, and/or your freshclam updates aren't functioning properly. Will you please post samples of your clamd and freshclam logs which demonstrate its operation?

Once we've verified that things are working properly, we should contact the clamav developers about the 100+ viruses you've accumulated and see what they have to say. I expect that they'll say they're not viruses, but some other type of malware.

There are phishing emails that abound. In order for clamav to filter these, you need to have the sanesecurity rules installed. These rules can be installed using the qtp-install-sanesecurity script. That will improve your filtering of phishing attempts.

There are several ways that passwords become compromised, allowing spammers to use a mail server to illegitimately send spam. TTBOMK, viruses are not the most common of these. If your QMT host is sending out spam from authenticated accounts, you would do well to consider Dan's advice. I would also add that you should take measures to be sure that passwords are always encrypted. This is more likely the source of your problem than any sort of malware, in my experience.

Bottom line here is that I think you may be looking for a solution without a thorough understanding of the problem. We'll continue to try to help you identify what's really going on, so you can apply appropriate solutions.

--
-Eric 'shubes'