Re: [newbie] Virus laden e-mail

2004-12-19 Thread Eric Scott
Inhabitant of Zion wrote:
So zap them before they even hit your machine:
   

Just found out how to set my server to return to sender all mails to
unknown users.
Not ideal but at least I am getting a bit of peace and quiet again!
:-)
 

I'm not sure if you want to do that.   If it's anything like the stuff 
that was hitting my inbox a while back, the sender isn't really the 
virus, but it's using a designated unsecure SMTP server to masquerade 
as a specific sender, even though that sender doesn't have the virus.  I 
don't know anything about this particular worm, but I know my inbox has 
been cluttered by similar stuff before.  Oddly enough, I started getting 
it after I posted my email address(es) in a MSDN forum the 
address(es) I didn't post have never gotten it.  Suspicious.
   Anywho, that's my two cents,
SigmaChi

--
Registered Linux user #: 366,862
Registered Linux computer #: 261,856


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com



Re: [newbie] Virus laden e-mail

2004-12-18 Thread J
Continuing this Thread..

I have just been hit with a netsky laden email, and the from address was
[EMAIL PROTECTED]

Guess what? I have parsed the header, and it originates from tpg.com.au

I have sent the TPG abuse department a nice little email, along with a copy
of the headers, asking them to please get in touch with this subscriber, and
offer them advice on getting rid of this infection or better still,
suspend their account until they can prove that they are clean

Won't hold my breath though!

James Hill

- Original Message -
From: Eric Huff [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, December 18, 2004 6:48 AM
Subject: Re: [newbie] Virus laden e-mail


  According to the 'Received:' trace, the message originated at:
  [220.244.219.186]
  linux-mandrake.com (220-244-219-186-qld.tpgi.com.au
  [220.244.219.186])
 
  I have gotten 3-4 from the same IP range, all tpgi.com.au.  I
  usually warn users but no one ever pays attention so I figured I
  would skip it this time.

 Yes Bryan, this is the ip address.  I have been getting about 25
 an hour.  And then they stop for awhile, and then they come back.
 I'm thinking that they stop when whoever it is turns their machine
 off.  I sent a message twice to tpgi to report it.

I also sent a message to tpgi.

And just now i got a rejection (or maybe a spoofed rejection) as if
i had sent a mail from that ip address.

I do get it at a different
address that i don't use on mandrake lists, so it must be using the
spam database as well.

eric

--
Mandrake HowTo's & More:  http://twiki.mdklinuxfaq.org








 



Re: [newbie] Virus laden e-mail

2004-12-17 Thread jdow
Glad I proved helpful once I had time to write an extended reply.
{^_-}
- Original Message - 
From: Inhabitant of Zion [EMAIL PROTECTED]


 Hi
 
 OK I've read with interest some of your replies. It would seem that
 what I have actually been doing is rejecting any emails sent to me
 whereby the user is not registered on my server. 
...
 Anyway it seems to have done the trick as the problem seems to have
 resolved itself.
 
 Cheers 
 
 -- 
   John Willby Registered Linux user number 321644







Re: [newbie] Virus laden e-mail

2004-12-17 Thread Bryan Phinney
On Thursday 16 December 2004 23:27, jdow wrote:

 Humble (moi! humble?) request, please be careful with terminology, even
 if AOL and Microsoft are sloppy as hell. Bounce sends a message back to
 the purported sender, [EMAIL PROTECTED] Rejects simply reject it from the
 server forwarding the email to your mailbox. The purported sender is not
 involved and never sees the failure unless something ELSE, like the sending
 server, informs him of the error.

Well, I was being a little loose with the term, referring to the fact that a 
REJECT code will often generate a bounce message from the MTA whose 
connection has been rejected.  However, that does NOT mean that the spoofed 
address gets the bounce message unless their address just happens to be on 
the same MTA as the domain of the spoof.  Thus, if you REJECT a message from 
hotmail.com MTA and the spoofed from just happens to be from hotmail.com, 
that address will likely get a bounce message.

With SPF coming into play and more and more exploited machines, this is very 
likely to start to happen more often.  Hopefully, it will provide some 
incentive for administrators to monitor their systems and make sure that they 
don't have tons of zombie machines on them.

 100% correct. If you use fetchmail you're stuck. Filtering is all you
 can do. I reiterate SARE is WONDERFUL.

Not totally, of course.  You can use fetchmail and then generate a reject code 
back to the server based on criteria.  When doing this, the message gets 
rejected by your system but, in most cases, will NOT result in a bounce being 
sent as the MTA will most likely just dump the message unless it just happens 
to be from a local user on that MTA.

-- 
Bryan Phinney






Re: [newbie] Virus laden e-mail

2004-12-17 Thread J
JoeHill wrote:
Actually, I've found several times that AVG catches malware that Norton doesn't,
and it's free, and got a *way* smaller footprint than Norton's bloatware.
 

I use Avast! antivirus for Windoze. seems to be quicker than AVG, 
and it's free!

They also offer a version for Linux servers, but it's only a demo, and 
after the trial, you either have to pay up for the license, or find 
something else!

Check it out at www.avast.com
Cheers,
James
--
 Sent using Mozilla Thunderbird on Mandrake Linux 10.1
 100% virus free, as it's nothing to do with Microsoft!
 
 73 de 2E0ZZY
 Yaesu FT-902DM 50w with quad band nested dipoles
 Yaesu FT-7800E Dual Band, Watson W20 Vertical
 Tait T500 SII 70.425  70.450MHz - Now with G6OHM 4 Ch. Conversion!
 Packet: [EMAIL PROTECTED]






Re: [newbie] Virus laden e-mail

2004-12-17 Thread J
JoeHill wrote
Takes more time, but in the long run,
if everyone did this, well, it would totally destroy the cost/benefit ratio for
spammers.
I do this religiously, using SpamCop...
Trouble is, virtually all the pharmacy/porn sites are either on Brazilian or 
Chinese servers. they have abuse addresses to send reports to, but in 
reality the mails either bounce, as the mailboxes are full as they never get 
read, or they just ignore them. it's as if they don't give a monkeys what 
happens, providing the bill gets paid!
As for the emails, they just adopt Spam & Run tactics, often spamming & moving on to another ISP before any abuse gets reported. 

I have resorted to doing a WHOIS on the domain name, and if any info is found 
to be false, taking it up with the registrar... at least the site gets pulled, 
if only to pop up elsewhere a day or so later.
Ho Hum!
JRH
--
 Sent using Mozilla Thunderbird on Mandrake Linux 10.1
 100% virus free, as it's nothing to do with Microsoft!
 
 73 de 2E0ZZY
 Yaesu FT-902DM 50w with quad band nested dipoles
 Yaesu FT-7800E Dual Band, Watson W20 Vertical
 Tait T500 SII 70.425  70.450MHz - Now with G6OHM 4 Ch. Conversion!
 Packet: [EMAIL PROTECTED]






Re: [newbie] Virus laden e-mail

2004-12-17 Thread jdow
From: J [EMAIL PROTECTED]

 JoeHill wrote

 I have resorted to doing a WHOIS on the domain name, and if any info is
found to be false, taking it up with the registrar... at least the site gets
pulled, if only to pop up elsewhere a day or so later.

Hey, Dude, where's your sense of fun? Every once and awhile I'll send an
email to the Chinese ISPs that forward spam to me thanking them for the
order for 10,000 Bibles telling them they'll be forwarded as soon as we
can get them onto the shipping container.

{O.O}







Re: [newbie] Virus laden e-mail

2004-12-17 Thread J
Hey, Dude, where's your sense of fun? Every once and awhile I'll send an
email to the Chinese ISPs that forward spam to me thanking them for the
order for 10,000 Bibles telling them they'll be forwarded as soon as we
can get them onto the shipping container.

Heh

Every time I try to mail a Chinese ISP, I get sorry, mailbox over quota
Humph.

JRH


- Original Message -
From: jdow [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 17, 2004 9:34 PM
Subject: Re: [newbie] Virus laden e-mail


 From: J [EMAIL PROTECTED]

  JoeHill wrote
 
  I have resorted to doing a WHOIS on the domain name, and if any info is
 found to be false, taking it up with the registrar... at least the site
gets
 pulled, if only to pop up elsewhere a day or so later.

 Hey, Dude, where's your sense of fun? Every once and awhile I'll send an
 email to the Chinese ISPs that forward spam to me thanking them for the
 order for 10,000 Bibles telling them they'll be forwarded as soon as we
 can get them onto the shipping container.

 {O.O}










 



Re: [newbie] Virus laden e-mail

2004-12-17 Thread Daniel Anderson
On Wednesday 15 December 2004 11:35 pm, Todd Slater wrote:
 On Wed, Dec 15, 2004 at 07:32:54PM -0500, Greg Meyer wrote:
  Is anybody else on this list getting bombarded with virus laden e-mail
  from a particular ip address in Australia?
 
  Whoever it is is sending to the address that I use for the Mandrake
  lists, so I am thinking it may be one of our newbie windows users.
 
  If you use windows and are in Australia, please check your box for
  viruses.

 Prolly that Kuhn guy.

I got one wednesday and I haven't received anything from either the newbie or 
expert lists on my verizon account since, I've subscribed with a hotPop 
account and the mail is still coming on that.
 
Dan





Re: [newbie] Virus laden e-mail

2004-12-17 Thread jdow
I figure the damage is already done by the time it gets to that mailbox
over quota message. The Chinese government probably raises heck with the
ISP. Word is that they snoop EVERYTHING.

{^_-}
- Original Message - 
From: J [EMAIL PROTECTED]

 Hey, Dude, where's your sense of fun? Every once and awhile I'll send an
 email to the Chinese ISPs that forward spam to me thanking them for the
 order for 10,000 Bibles telling them they'll be forwarded as soon as we
 can get them onto the shipping container.

 Heh

 Every time I try to mail a Chinese ISP, I get sorry, mailbox over quota
 Humph.

 JRH


 - Original Message -
 From: jdow [EMAIL PROTECTED]

  From: J [EMAIL PROTECTED]
 
   JoeHill wrote
  
   I have resorted to doing a WHOIS on the domain name, and if any info
is
  found to be false, taking it up with the registrar... at least the site
 gets
  pulled, if only to pop up elsewhere a day or so later.
 
  Hey, Dude, where's your sense of fun? Every once and awhile I'll send an
  email to the Chinese ISPs that forward spam to me thanking them for the
  order for 10,000 Bibles telling them they'll be forwarded as soon as we
  can get them onto the shipping container.
 
  {O.O}







Re: [newbie] Virus laden e-mail (mailfilter)

2004-12-17 Thread Marek Pawinski
JoeHill wrote:
On Thu, 16 Dec 2004 16:32:49 +
Inhabitant of Zion disseminated the following:

I have set up so they all go straight to the trash but it sure is a
pain in the neck as I am having to remove from the trash about 1800
every hour.

So zap them before they even hit your machine:
http://mailfilter.sourceforge.net/
It won't catch all of them, but it should at least cut down quite a bit the
amount getting through.
How would i set up fetchmail to work with mozilla ? as a cronjob using 
mailfilter misses some of the mails.





Re: [newbie] Virus laden e-mail

2004-12-17 Thread Eric Huff
  According to the 'Received:' trace, the message originated at:
    [220.244.219.186]
    linux-mandrake.com (220-244-219-186-qld.tpgi.com.au
  [220.244.219.186])
 
  I have gotten 3-4 from the same IP range, all tpgi.com.au.  I
  usually warn users but no one ever pays attention so I figured I
  would skip it this time.
 
 Yes Bryan, this is the ip address.  I have been getting about 25
 an hour.  And then they stop for awhile, and then they come back. 
 I'm thinking that they stop when whoever it is turns their machine
 off.  I sent a message twice to tpgi to report it.

I also sent a message to tpgi.

And just now i got a rejection (or maybe a spoofed rejection) as if
i had sent a mail from that ip address.

I do get it at a different
address that i don't use on mandrake lists, so it must be using the
spam database as well.

eric

-- 
Mandrake HowTo's & More:  http://twiki.mdklinuxfaq.org





Re: [newbie] Virus laden e-mail

2004-12-16 Thread paul martin
has anyone heard of 'xunil live'?





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Inhabitant of Zion
 
 I do not get any that are not picked up by either my filters or
 clamav.
 

They get picked up but I get an annoying message sent to me by Clamav
saying a message with a virus was sent and has been quarantined.

So I get a mail to me to delete and a .msg and a .log file to get rid
of from the server. I really must play around with it so that it just
deletes the darn things...

I got a massive 215 from DHTMLcentral this morning.

G!

-- 
  John Willby Registered Linux user number 321644
  ICQ: 92791912  MSN: [EMAIL PROTECTED]
  Linux is like a wigwam - No Gates, no Windows, Apache inside.
 08:40:22 up 3 days, 23:48,  1 user,  load average: 0.06, 0.07, 0.01





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Anne Wilson

On Thursday 16 Dec 2004 00:32, Greg Meyer wrote:
 Is anybody else on this list getting bombarded with virus laden e-mail from
 a particular ip address in Australia?

 Whoever it is is sending to the address that I use for the Mandrake lists,
 so I am thinking it may be one of our newbie windows users.

 If you use windows and are in Australia, please check your box for viruses.

None from Australia, Greg.  One that claims to come from Praedor, which 
appears to originate from Defence Information Systems Agency, Virginia, USA, 
one apparently from NL and one apparently from Germany.  I've given up trying 
to work out how they get addresses.  I get occasional ones to an address that 
I only use for carefully selected g friends and family.  I guess one 
infected machine somewhere has leaked it from their addressbook.

Anne
- -- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?  Mandrake at all levels



Re: [newbie] Virus laden e-mail

2004-12-16 Thread Anne Wilson

On Thursday 16 Dec 2004 07:29, Charles A Edwards wrote:
 On Thu, 16 Dec 2004 07:27:02 +

 Inhabitant of Zion wrote:
  I have been getting a load from Germany and also a shed load yesterday
  from DHTMLcentral.

 I feel neglected and under privileged.

 I do not get any that are not picked up by either my filters or clamav.

Ah yes.  I don't use clamav, but PopFile has correctly picked up and filtered 
them to my virused folder, so I'm happy, too.

Anne
- -- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?  Mandrake at all levels



Re: [newbie] Virus laden e-mail

2004-12-16 Thread Bryan Phinney
On Thursday 16 December 2004 00:14, Hugh Dixon wrote:
 What's the IP address?

 I fit the profile, and as our windows admin is not around, I cannot
 check the status of our antivirus software...

According to the 'Received:' trace, the message originated at:
  [220.244.219.186]
  linux-mandrake.com (220-244-219-186-qld.tpgi.com.au [220.244.219.186])

I have gotten 3-4 from the same IP range, all tpgi.com.au.  I usually warn 
users but no one ever pays attention so I figured I would skip it this time.

-- 
Bryan Phinney
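
The 'Received:' trace quoted in the message above can be read mechanically. The Python sketch below is an added example, not code from the thread or from any list member: it walks the Received headers from the top, trusts only hops stamped by the reader's own servers, and reports the first outside connection while ignoring the forgeable From line and any Received headers below that point. The example.org/example.net host names, the 192.0.2.10 relay address, the trusted sets and the sample headers are assumptions constructed around the single hop quoted in the thread.

```python
import re
from email import message_from_string

# Constructed sample, not a captured message. Only the middle hop reuses the
# values quoted in the thread; every example.org/example.net name and the
# 192.0.2.10 / 10.1.2.3 addresses are placeholders.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
    by mailstore.example.org with ESMTP id CONSTRUCTED2;
    Thu, 16 Dec 2004 00:33:10 -0500
Received: from linux-mandrake.com (220-244-219-186-qld.tpgi.com.au [220.244.219.186])
    by mx.example.org with ESMTP id CONSTRUCTED1;
    Thu, 16 Dec 2004 00:33:05 -0500
Received: from trusted.example.net (unknown [10.1.2.3])
    by linux-mandrake.com with SMTP; Thu, 16 Dec 2004 00:32:00 -0500
From: someone@example.net
To: reader@example.org
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>]) by <stamping host>"
HOP_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>[0-9A-Fa-f:.]+)\]\)\s+"
    r"by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_hops(raw):
    """Return one dict per Received header, newest first (None if unparsable)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        m = HOP_RE.match(flat)
        if m:
            hop = m.groupdict()
            hop["by"] = hop["by"].rstrip(";")
            hops.append(hop)
        else:
            hops.append(None)
    return hops


def first_untrusted_hop(raw, trusted_hosts, trusted_ips):
    """Find the connection where mail entered our own infrastructure.

    Headers are prepended, so the top ones were written by our servers.
    We walk down while the stamping host is ours; the first connecting IP
    that is not one of our relays is what our server actually saw.
    Everything below that hop was supplied by the sender and is ignored.
    """
    trusted_hosts = {h.lower() for h in trusted_hosts}
    for hop in parse_hops(raw):
        if hop is None or hop["by"].lower() not in trusted_hosts:
            return None  # chain not written by our servers: nothing to trust
        if hop["ip"] in trusted_ips:
            continue  # internal hand-off between our own machines
        result = dict(hop)
        # The HELO name is whatever the client claimed; compare with rDNS.
        result["helo_mismatch"] = hop["helo"].lower() != hop["rdns"].lower()
        return result
    return None


if __name__ == "__main__":
    hop = first_untrusted_hop(
        SAMPLE,
        trusted_hosts={"mx.example.org", "mailstore.example.org"},
        trusted_ips={"192.0.2.10"},
    )
    print(hop)
```
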






Re: [newbie] Virus laden e-mail

2004-12-16 Thread JoeHill
On Thu, 16 Dec 2004 02:29:41 -0500
Charles A Edwards disseminated the following:

  I have been getting a load from Germany and also a shed load yesterday
  from DHTMLcentral.
 
 
 I feel neglected and under privileged.
 
 I do not get any that are not picked up by either my filters or clamav.

LOL! I know how ya feel, Charles. Gotta love Procmail!

-- 
JoeHill / RLU #282046 / www.freeyourmachine.org
09:35:36 up 25 days, 47 min, 4 users, load average: 0.17, 0.05, 0.01
+++
Rule $19.99 (Brad `Squid' Shapcott): The Internet *isn't* *free*. It just has an
economy that makes no sense to capitalism.





Re: [newbie] Virus laden e-mail

2004-12-16 Thread John Bowden
On Thursday 16 Dec 2004 14:37, JoeHill wrote:
 On Thu, 16 Dec 2004 02:29:41 -0500

 Charles A Edwards disseminated the following:
   I have been getting a load from Germany and also a shed load yesterday
   from DHTMLcentral.
 
  I feel neglected and under privileged.
 
  I do not get any that are not picked up by either my filters or clamav.

 LOL! I know how ya feel, Charles. Gotta love Procmail!

Ok you have got me worried now! Is it a win virus or one written for Linux? How 
do I check that clam is working and configure it. I have a smoothwall 
firewall so I don't worry too much about the worms and its logs tell me if a 
trojan has been inadvertently downloaded. My windoz machine runs norton, 
updated daily





Re: [newbie] Virus laden e-mail

2004-12-16 Thread JoeHill
On Thu, 16 Dec 2004 16:32:49 +
Inhabitant of Zion disseminated the following:

 I have set up so they all go straight to the trash but it sure is a
 pain in the neck as I am having to remove from the trash about 1800
 every hour.

So zap them before they even hit your machine:

http://mailfilter.sourceforge.net/

It won't catch all of them, but it should at least cut down quite a bit the
amount getting through.

-- 
JoeHill / RLU #282046 / www.freeyourmachine.org
12:03:44 up 25 days, 3:15, 4 users, load average: 0.00, 0.00, 0.00
+++
When the going gets weird, the weird turn pro. -- Hunter S. Thompson





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Inhabitant of Zion
 
 So zap them before they even hit your machine:
 
 

Just found out how to set my server to return to sender all mails to
unknown users.

Not ideal but at least I am getting a bit of peace and quiet again!

:-)

-- 
  John Willby Registered Linux user number 321644
  ICQ: 92791912  MSN: [EMAIL PROTECTED]
  Linux is like a wigwam - No Gates, no Windows, Apache inside.
 17:23:26 up 4 days,  8:31,  1 user,  load average: 0.09, 0.09, 0.32





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Bryan Phinney
On Thursday 16 December 2004 10:55, John Bowden wrote:

 Ok you have got me worried now! Is it a win virus or one written for Linux?
 How do I check that clam is working and configure it. I have a smoothwall
 firewall so I don't worry too much about the worms and its logs tell me if
 a trojan has been inadvertently downloaded. My windoz machine runs norton,
 updated daily

The one in question is ID'd as SomeFool.P on my system.  Win32 so same old 
advertisement for running Linux if you are attached to the net.

-- 
Bryan Phinney






Re: [newbie] Virus laden e-mail

2004-12-16 Thread JoeHill
On Thu, 16 Dec 2004 15:55:22 +
John Bowden disseminated the following:

 Ok you have got me worried now! Is it a win virus or one written for Linux?

Guaranteed it's someone's Windows box has been zombied with a worm and is
spewing this crap.

As far as I know, there are *no* Linux viruses in the wild. There are proof of
concept vulnerabilities, and it is not impossible for someone to 'own' your
Linux box if they target you specifically, but on the whole as long as you do
regular checks for rootkits you should be OK.

 How do I check that clam is working and configure it.

Not sure about that one. I bet there's a log file for it somewhere, if you
check the docs it may tell you where to look. ClamAV expert around?

 I have a smoothwall firewall so I don't worry too much about the worms and
 its logs tell me if a trojan has been inadvertently downloaded. My windoz
 machine runs norton, updated daily

Actually, I've found several times that AVG catches malware that Norton doesn't,
and it's free, and got a *way* smaller footprint than Norton's bloatware.

-- 
JoeHill / RLU #282046 / www.freeyourmachine.org
13:12:03 up 25 days, 4:23, 4 users, load average: 0.00, 0.00, 0.00
+++
The future is here. It's just not widely distributed yet. -- William Gibson





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Greg Meyer
On Thursday 16 December 2004 05:46 am, Bryan Phinney wrote:
 On Thursday 16 December 2004 00:14, Hugh Dixon wrote:
  What's the IP address?
 
  I fit the profile, and as our windows admin is not around, I cannot
  check the status of our antivirus software...

 According to the 'Received:' trace, the message originated at:
   [220.244.219.186]
   linux-mandrake.com (220-244-219-186-qld.tpgi.com.au [220.244.219.186])

 I have gotten 3-4 from the same IP range, all tpgi.com.au.  I usually warn
 users but no one ever pays attention so I figured I would skip it this time.

Yes Bryan, this is the ip address.  I have been getting about 25 an hour.  And 
then they stop for awhile, and then they come back.  I'm thinking that they 
stop when whoever it is turns their machine off.  I sent a message twice to 
tpgi to report it.
-- 
/g





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Stephen Kühn
On Thu, 2004-12-16 at 11:32, Greg Meyer wrote:
 Is anybody else on this list getting bombarded with virus laden e-mail from a 
 particular ip address in Australia?
 
 Whoever it is is sending to the address that I use for the Mandrake lists, so 
 I am thinking it may be one of our newbie windows users.
 
 If you use windows and are in Australia, please check your box for viruses.

Ya know it certainly wasn't me.

--
stephen kuhn
mobile: 0410-728-389
illawarra and regional new south wales
---
GNU/Linux/OpenSource Solutions and Alternatives
100% Microsoft Free - Reboot is NOT an option.
Registered Linux User # 267497
---
Leela: He's crude and gross and he treats me like a slave. Fry: Then
dump his one-eyed ass. 






Re: [newbie] Virus laden e-mail

2004-12-16 Thread Stephen Kühn
On Thu, 2004-12-16 at 15:35, Todd Slater wrote:
 On Wed, Dec 15, 2004 at 07:32:54PM -0500, Greg Meyer wrote:
  Is anybody else on this list getting bombarded with virus laden e-mail from 
  a 
  particular ip address in Australia?
  
  Whoever it is is sending to the address that I use for the Mandrake lists, 
  so 
  I am thinking it may be one of our newbie windows users.
  
  If you use windows and are in Australia, please check your box for viruses.
 
 Prolly that Kuhn guy.

Ya reckon it mighta come offa my new OS/2 box on the network, or
possibly the Dell Poweredge running RH9?

--
stephen kuhn
mobile: 0410-728-389
illawarra and regional new south wales
---
GNU/Linux/OpenSource Solutions and Alternatives
100% Microsoft Free - Reboot is NOT an option.
Registered Linux User # 267497
---
People that can't find something to live for always seem to find
something to die for. The problem is, they usually want the rest of us
to die for it too.






Re: [newbie] Virus laden e-mail

2004-12-16 Thread Stephen Kühn
On Fri, 2004-12-17 at 02:55, John Bowden wrote:
 On Thursday 16 Dec 2004 14:37, JoeHill wrote:
  On Thu, 16 Dec 2004 02:29:41 -0500
 
  Charles A Edwards disseminated the following:
I have been getting a load from Germany and also a shed load yesterday
from DHTMLcentral.
  
   I feel neglected and under privileged.
  
   I do not get any that are not picked up by either my filters or clamav.
 
  LOL! I know how ya feel, Charles. Gotta love Procmail!
 
 Ok you have got me worried now! Is it a win virus or one written for Linux? 
 How 
 do I check that clam is working and configure it. I have a smoothwall 
 firewall so I don't worry too much about the worms and its logs tell me if a 
 trojan has been inadvertently downloaded. My windoz machine runs norton, 
 updated daily

You will not get hit with a linux based virus. It is a Win32 virus.

--
stephen kuhn
mobile: 0410-728-389
illawarra and regional new south wales
---
GNU/Linux/OpenSource Solutions and Alternatives
100% Microsoft Free - Reboot is NOT an option.
Registered Linux User # 267497
---
District of Columbia pedestrians who leap over passing autos to escape
injury, and then strike the car as they come down, are liable for any
damage inflicted on the vehicle.






Re: [newbie] Virus laden e-mail

2004-12-16 Thread Stephen Kühn
On Thu, 2004-12-16 at 21:46, Bryan Phinney wrote:
 On Thursday 16 December 2004 00:14, Hugh Dixon wrote:
  What's the IP address?
 
  I fit the profile, and as our windows admin is not around, I cannot
  check the status of our antivirus software...
 
 According to the 'Received:' trace, the message originated at:
   [220.244.219.186]
   linux-mandrake.com (220-244-219-186-qld.tpgi.com.au [220.244.219.186])
 
 I have gotten 3-4 from the same IP range, all tpgi.com.au.  I usually warn 
 users but no one ever pays attention so I figured I would skip it this time.

So it came from Queensland. The ISP is called TPG.

--
stephen kuhn
mobile: 0410-728-389
illawarra and regional new south wales
---
GNU/Linux/OpenSource Solutions and Alternatives
100% Microsoft Free - Reboot is NOT an option.
Registered Linux User # 267497
---
Live from New York ... It's Saturday Night!






Re: [newbie] Virus laden e-mail

2004-12-16 Thread Inhabitant of Zion
 
 Yes, your MSN monicker is indeed correct. You are a sillydilly.
 
 

Well OK then rather than telling me how stupid I am why not
make some sort of constructive suggestion.

I did a who-is search on host14-206.pool8172.interbusiness.it and got
bugger all. 

Found out the IP to be 81.72.206.14

I tried  - 

ipchains -A INPUT -s 81.72.206.14 -j DROP

But my server does not seem to have ipchains or at least it did not
recognise the command and yes I was logged in as root.

Ideally what I want to do is to get my server to just say Bog off
when the delivery attempt is made.

But I don't know how to do that. 

I had hoped that adding the IP or the sender details to the black list
of Spam Assassin might do this but it does not.

I guess the best thing would be to do a /dev/null in my procmail
script if I had the faintest idea how to do that.

Please remember not everyone that frequents this list has a computer
science course under their belt or has had systems admin training. I'm
just one guy running a server from home just because for me its a fun
hobby. Everything I know I've had to pick up by asking silly questions
on lists like this!

Cheers

-- 
  John Willby Registered Linux user number 321644
  ICQ: 92791912  MSN: [EMAIL PROTECTED]
  Linux is like a wigwam - No Gates, no Windows, Apache inside.
 23:54:57 up 4 days, 15:03,  1 user,  load average: 0.06, 0.03, 0.09





Re: [newbie] Virus laden e-mail

2004-12-16 Thread JoeHill
On Thu, 16 Dec 2004 15:07:02 -0800
jdow disseminated the following:

 When I find some idiot doing this

Okay, that was a little much...and I'm an expert on such things, ask anyone
here! :-D

-- 
JoeHill / RLU #282046 / www.freeyourmachine.org
19:19:16 up 25 days, 10:30, 4 users, load average: 0.16, 0.10, 0.04
+++
There are literally several levels of SCO being wrong. And even if we were to
live in that alternate universe where SCO would be right, they'd still be wrong.
-- Linus Torvalds





Re: [newbie] Virus laden e-mail

2004-12-16 Thread jdow
From: Inhabitant of Zion [EMAIL PROTECTED]

  
  Yes, your MSN monicker is indeed correct. You are a sillydilly.
  
  
 
 Well OK then rather than telling me how stupid I am why not
 make some sort of constructive suggestion.

In a word: SpamAssassin

{^_^}






Re: [newbie] Virus laden e-mail

2004-12-16 Thread JoeHill
On Fri, 17 Dec 2004 00:14:56 +
Inhabitant of Zion disseminated the following:

 I did a who-is search on host14-206.pool8172.interbusiness.it and got
 bugger all. 
 
 Found out the IP to be 81.72.206.14

Do a whois on the IP :-)
 
 I tried  - 
 
 ipchains -A INPUT -s 81.72.206.14 -j DROP
 
 But my server does not seem to have ipchains or at least it did not
 recognise the command and yes I was logged in as root.

There is an 'ipchains' package, if you are comfortable with that, which it seems
you are. Are you accepting mail directly to your machine, or POP'ing your ISP?

 Ideally what I want to do is to get my server to just say Bog off
 when the delivery attempt is made.

Well, AFAIK, the only way to do that is with a bounce, and there's the rub. When
you bounce, you just doubled the 'damage' that the spam mail caused, and as jdow
so politely pointed out, you may be bouncing to someone who never sent anything,
unless you can bounce to the originating IP, but I haven't the faintest idea how
you could configure Postfix/Procmail/whatever to do something like that. I'd
like to do the same thing, I'm sure a lot of people very annoyed with spam and
viruses would, but...

 But I don't know how to do that. 
 
 I had hoped that adding the IP or the sender details to the black list
 of Spam Assassin might do this but it does not.
 
 I guess the best thing would be to do a /dev/null in my procmail
 script if I had the faintest idea how to do that.

Something to check out:

http://agriroot.aua.gr/~nikant/nkvir/

Just add it to your .procmailrc, follow the instructions to make sure it's
config'd properly, and you can /dev/null them if you want (though it's not
recommended). I've been using this recipe for over a year and only had one false
positive.

-- 
JoeHill / RLU #282046 / www.freeyourmachine.org
19:57:29 up 25 days, 11:09, 4 users, load average: 0.01, 0.03, 0.00
+++
True communication is possible only between equals, because inferiors are more
consistently rewarded for telling their superiors pleasant lies than for telling
the truth. -- The SNAFU Principle





Re: [newbie] Virus laden e-mail

2004-12-16 Thread mikkel


 Yes, your MSN monicker is indeed correct. You are a sillydilly.



 Well OK then rather than telling me how stupid I am why not
 make some sort of constructive suggestion.

 I did a who-is search on host14-206.pool8172.interbusiness.it and got
 bugger all.

 Found out the IP to be 81.72.206.14

 I tried  -

 ipchains -A INPUT -s 81.72.206.14 -j DROP

 But my server does not seem to have ipchains or at least it did not
 recognise the command and yes I was logged in as root.

You are probably running iptables, instead of ipchains.

 Ideally what I want to do is to get my server to just say Bog off
 when the delivery attempt is made.

 But I don't know how to do that.

Depending on the mail server, you can set up rules to reject IPs, IP
ranges, or hosts, complete with error number, and message.  This can be an
advantage when you just want to block the email, but still want to allow
other connections.  (To a web server, for example...)  For postfix, take a
look at the /etc/postfix/access file.

 I had hoped that adding the IP or the sender details to the black list
 of Spam Assassin might do this but it does not.

 I guess the best thing would be to do a /dev/null in my procmail
 script if I had the faintest idea how to do that.

 Please remember not everyone that frequents this list has a computer
 science course under their belt or has had systems admin training. I'm
 just one guy running a server from home just because for me it's a fun
 hobby. Everything I know I've had to pick up by asking silly questions
 on lists like this!

 Cheers

As I always did this in the mail server setup, I am not sure how to do it
in procmail.  But I am sure someone will supply that information.

Mikkel
-- 
   Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.







Re: [newbie] Virus laden e-mail

2004-12-16 Thread Bryan Phinney
On Thursday 16 December 2004 20:09, JoeHill wrote:

  Ideally what I want to do is to get my server to just say Bog off
  when the delivery attempt is made.

 Well, AFAIK, the only way to do that is with a bounce, and there's the rub.

Actually, not necessarily.  In Postfix, if you set up to reject the message you 
basically send a reject code 554 which tells the originating server that the 
mail is rejected.  It does NOT bounce to the FROM address, it actually drops 
the mail at the connecting server.  So, if this is a virus propagating 
machine, it is the one receiving the bounce, not the spoofed address.

If you are using fetchmail or the like and pulling mail from a server, you are 
indeed unable to drop the connection machine, however, most mail servers that 
relay are set to simply drop mail when they receive a 554 reject code, so no 
bounce message is ever sent, the mail just drops.  Of course, some might 
actually try to send a reject to the From address assuming that is the 
originator, but with all the mail viruses today, most mail servers don't 
bother.

However, for viruses, it is impossible to issue a 554 on connect because the 
only way to know it is a virus is to download the body and by the time you 
get all of the mail, it is simply too late to reject it.  So, the only choice 
is to drop it yourself unless you want to go to the trouble of manually 
bouncing the mail to the From which would be pointless.

 Something to check out:

 http://agriroot.aua.gr/~nikant/nkvir/

 Just add it to your .procmailrc, follow the instructions to make sure it's
 config'd properly, and you can /dev/null them if you want (though it's not
 recommended). I've been using this recipe for over a year and only had one
 false positive.

Also, you could install and run Amavis, amavis-new, etc. along with clamav 
which has Mandrake RPMs available.  That will provide virus detection and 
filtering and gives you the option of disregarding all notification and 
dumping viruses or you can collect them and impress your friends.

I have 8 different ones now, including 4 variations on the same virus.  I am 
competing against my friend that runs Windows, but I am starting to doubt 
that I will ever catch up.  I guess Windows really is just better at some 
things than Linux.  ;-}
-- 
Bryan Phinney
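
The difference between refusing a message during the SMTP dialogue and accepting it and then bouncing it, as a small model added here (it is not code from this thread or from Postfix). The addresses, the `Server` class and the `deliver` helper are constructed for illustration; the 554 code is the one quoted in the message above.

```python
"""Reject-at-SMTP versus accept-then-bounce, modelled on one transaction."""

LOCAL_USERS = {"john@home.example"}   # constructed: the only real mailbox


def _addr(arg):
    """Pull the address out of 'FROM:<a@b>' or 'TO:<a@b>' ('' for <>)."""
    return arg[arg.index("<") + 1:arg.rindex(">")].lower()


class Server:
    """Receiving MTA. policy='reject' refuses unknown users during the SMTP
    dialogue; policy='bounce' accepts everything and mails a failure notice."""

    def __init__(self, policy):
        self.policy = policy
        self.sender, self.rcpts = None, []
        self.delivered = []   # (recipient, body) stored in a local mailbox
        self.outbound = []    # (to, subject): NEW mail this server originates

    def command(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 home.example"
        if verb == "MAIL":
            self.sender, self.rcpts = _addr(arg), []
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            rcpt = _addr(arg)
            if self.policy == "reject" and rcpt not in LOCAL_USERS:
                # The refusal travels back on the open connection only.
                return f"554 <{rcpt}>: Recipient address rejected: User unknown"
            self.rcpts.append(rcpt)
            return "250 2.1.5 Ok"
        if verb == "DATA":
            if self.rcpts:
                return "354 End data with <CR><LF>.<CR><LF>"
            return "554 Error: no valid recipients"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 Error: command not recognized"

    def end_of_data(self, body):
        for rcpt in self.rcpts:
            if rcpt in LOCAL_USERS:
                self.delivered.append((rcpt, body))
            elif self.sender:   # the null sender <> is never bounced to
                # Backscatter: addressed to whatever MAIL FROM claimed.
                self.outbound.append(
                    (self.sender, f"Undelivered Mail: unknown user {rcpt}"))
        return "250 2.0.0 Ok: queued"


def deliver(server, mail_from, rcpt_to, body):
    """Drive one transaction as the connecting machine would and return the
    transcript as (side, text) pairs. The client gives up on the first 5xx."""
    log = []

    def say(line):
        reply = server.command(line)
        log.extend([("C", line), ("S", reply)])
        return reply

    say("HELO client.example")
    for line in (f"MAIL FROM:<{mail_from}>", f"RCPT TO:<{rcpt_to}>", "DATA"):
        if say(line).startswith("5"):
            say("QUIT")
            return log
    log.append(("C", body + "\n."))
    log.append(("S", server.end_of_data(body)))
    say("QUIT")
    return log


if __name__ == "__main__":
    forged = "victim@innocent.example"     # constructed forged envelope sender
    target = "nosuchuser@home.example"     # constructed unknown recipient
    for policy in ("reject", "bounce"):
        srv = Server(policy)
        print(f"--- policy: {policy}")
        for side, text in deliver(srv, forged, target, "Subject: hi"):
            print(f"{side}: {text}")
        print("mail originated by this server:", srv.outbound)
```

Under `reject` the `outbound` list stays empty and the only party told anything is the connecting machine; under `bounce` the server itself sends a new message to the forged address.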






Re: [newbie] Virus laden e-mail

2004-12-16 Thread jdow
From: JoeHill [EMAIL PROTECTED]

  Ideally what I want to do is to get my server to just say Bog off
  when the delivery attempt is made.

 Well, AFAIK, the only way to do that is with a bounce, and there's the rub.
 When you bounce, you just doubled the 'damage' that the spam mail caused,
 and as jdow so politely pointed out, you may be bouncing to someone who
 never sent anything, unless you can bounce to the originating IP, but I
 haven't the faintest idea how you could configure Postfix/Procmail/whatever
 to do something like that. I'd like to do the same thing, I'm sure a lot of
 people very annoyed with spam and viruses would, but...

I react rather strongly to being victimized by a joe job and the
bounces that people who've not spent 2 minutes to really think about
the problem send ME instead of the real originator. There is nothing
you can do about being a victim of a joe job other than to ride it out.
(Well, if you manage to find the real author of the joe job software
or the people who commissioned the joe job attacks and break a few
instructional bones it might do some good, briefly. {^_-}) The best
help you can provide for the joe job is not to facilitate the attack
by not bouncing emails like that. (It has gotten to the point it's not
a good policy to bounce anything except on a full mailbox. It can lead
to YOU getting attacked since a fair number of the no such user
emails you receive are fishing for real users, some are intended to
bounce and victimize the purported rather than actual sender, and the
small remaining number seem to be designed to either target or harass
the system administrators.)

There are ways to drop email cleanly. Greylisting is one such tactic
that has its rather vocal proponents. It tends to lead to delays in
receiving many legitimate emails. If those delays do not harm you then
greylisting is an excellent approach. It may be a little difficult to
set up, though. Another technique is to cull IP addresses from the
Received-From chains, check them with several black hole lists, and
if your score from these checks is high enough you terminate the
transaction. This can be very time consuming in your MTA. However,
if it is a one person setup that should be no particular problem. If
it is for an ISP with thousands of subscribers it could bring the
mail server machines to their knees fairly quickly.

All in all using a tool like a well trained SpamAssassin with some
carefully selected SARE, SpamAssassin Rules Emporium, rule sets and
the SURBL black list can lead to VERY accurate spam tagging. I am
rather partial to spam tagging as opposed to simply dumping, at least
on a single user or very small office configuration. Some legitimate
emails can trigger rules that normally have very low miss rates. So
I score the spams and have OutlookExpunge sort the spam into a spam
folder. I look at the dozen or so lowest scoring spams to cull out
things like the rare LKML message that triggers too many chickenpox
or tripwire rules. Then I make a really quick scan of the rest to
see if anything looks real - or to be honest looks like it might
have some humor value. (Some of the recent spate from the Orient are
priceless for their translations into English that differ from the
plain text and HTML versions. Stilted is too polite a term for how
silly they get.) Then I may check the Bayes scores for a few of the
lower scoring items and feed them to Bayes if Bayes did not think they
were fairly spammy already. It all takes as little as 2 or 3 minutes
per day if I don't have time to mine it for the humor value. I can
spare that to avoid the rare critical message (say due to at least
one of AOL's mail tools misformatting messages in a spammy way) that
gets tagged as spam. I also expect one or two escaped spams to run
wild in my mailbox, like the set that just struck one of the Mandrake
lists. Spam evolves so fast it's hard for the spam fighters to win
all the time. But so far today in about 700 messages SA is managing
100%, though.

  I had hoped that adding the IP or the sender details to the black list
  of Spam Assassin might do this but it does not.

Typically with a joe job you are getting bounce messages from all over
the place. I've had to remove Postmaster and its synonyms from any
hint of whitelisting within SpamAssassin. Too many such messages are
simply joe job bounces or viruses. (NK-VIR suggested below is a good
bet. It's not 100%. (I turned off much of its scam filtering. I leave
that to SpamAssassin. Nigerian scam testing mal-triggers too often. Er,
and some of them are the funniest of all.) Setting up ClamAV plus
SpamAssassin reportedly works very well for viruses. It can be a bear
to set up, though.)

  I guess the best thing would be to do a /dev/null in my procmail
  script if I had the faintest idea how to do that.

(That is what I do with two chief annoyances, a site that I see in
too many (varies with mood) bounce messages come back from or a site
that expects me to jump through 

Re: [newbie] Virus laden e-mail

2004-12-16 Thread jdow
From: Bryan Phinney [EMAIL PROTECTED]

 On Thursday 16 December 2004 20:09, JoeHill wrote:

   Ideally what I want to do is to get my server to just say Bog off
   when the delivery attempt is made.
 
  Well, AFAIK, the only way to do that is with a bounce, and there's the
  rub.

 Actually, not necessarily.  In Postfix, if you set up to reject the message
 you basically send a reject code 554 which tells the originating server
 that the mail is rejected.  It does NOT bounce to the FROM address, it
 actually drops the mail at the connecting server.  So, if this is a virus
 propagating machine, it is the one receiving the bounce, not the spoofed
 address.

Humble (moi! humble?) request, please be careful with terminology, even
if AOL and Microsoft are sloppy as hell. Bounce sends a message back to
the purported sender, [EMAIL PROTECTED] Rejects simply reject it from the
server forwarding the email to your mailbox. The purported sender is not
involved and never sees the failure unless something ELSE, like the sending
server, informs him of the error.

 If you are using fetchmail or the like and pulling mail from a server, you
 are indeed unable to drop the connection machine, however, most mail
 servers that relay are set to simply drop mail when they receive a 554
 reject code, so no bounce message is ever sent, the mail just drops.  Of
 course, some might actually try to send a reject to the From address
 assuming that is the originator, but with all the mail viruses today, most
 mail servers don't bother.

100% correct. If you use fetchmail you're stuck. Filtering is all you
can do. I reiterate SARE is WONDERFUL.

 However, for viruses, it is impossible to issue a 554 on connect because
 the only way to know it is a virus is to download the body and by the time
 you get all of the mail, it is simply too late to reject it.  So, the only
 choice is to drop it yourself unless you want to go to the trouble of
 manually bouncing the mail to the From which would be pointless.

Mostly true. If you do notice them coming from a single IP address in
your mail logs you can use iptables to drop the packets on the floor.

  Something to check out:
 
  http://agriroot.aua.gr/~nikant/nkvir/
 
  Just add it to your .procmailrc, follow the instructions to make sure
  it's config'd properly, and you can /dev/null them if you want (though
  it's not recommended). I've been using this recipe for over a year and
  only had one false positive.

 Also, you could install and run Amavis, amavis-new, etc. along with clamav
 which has Mandrake RPMs available.  That will provide virus detection and
 filtering and gives you the option of disregarding all notification and
 dumping viruses or you can collect them and impress your friends.

 I have 8 different ones now, including 4 variations on the same virus.  I
 am competing against my friend that runs Windows, but I am starting to
 doubt that I will ever catch up.  I guess Windows really is just better at
 some things than Linux.  ;-}

nkvir is sufficient to capture many varieties of viruses. I dump them. But
I've had far more than eight distinct viruses caught. If I used only linux
for working and recreation I'd not bother with Windows virus detection. If
I ran an ISP I'd forward the virus unless the user specifically requests
some form of AV protection at the ISP. I'd likely suggest they use something
like Norton which can provide AV filtering on incoming email. This is for
the same reason that I advocate SpamAssassin type scoring rather than
elimination for an ISP. (Of course, I use ssl for speaking to a secure pop
and imap server pair on our mail server. So AV filtering is mostly a human
operation. Fortunately SA tags almost all of them as spam as a side effect.)

If that is 8 different LINUX attacking viruses I'm impressed.

{^_-}
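
Spotting the single-source case mentioned above in a mail log, as an added example that is not part of the original message. The log lines are constructed in Postfix smtpd format (only the client host name and IP are taken from this thread), the function names and thresholds are assumptions, and the iptables rule is returned as text for review, not executed.

```python
"""Find one client IP behind many rejected deliveries in a Postfix log."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. Note the envelope sender changes on every attempt
# while the connecting IP stays the same.
SAMPLE_LOG = """\
Dec 16 23:40:01 server postfix/smtpd[2211]: connect from host14-206.pool8172.interbusiness.it[81.72.206.14]
Dec 16 23:40:02 server postfix/smtpd[2211]: NOQUEUE: reject: RCPT from host14-206.pool8172.interbusiness.it[81.72.206.14]: 554 <sales@home.example>: Recipient address rejected: User unknown; from=<anna@one.example> to=<sales@home.example> proto=SMTP helo=<one.example>
Dec 16 23:40:04 server postfix/smtpd[2212]: NOQUEUE: reject: RCPT from host14-206.pool8172.interbusiness.it[81.72.206.14]: 554 <info@home.example>: Recipient address rejected: User unknown; from=<bob@two.example> to=<info@home.example> proto=SMTP helo=<two.example>
Dec 16 23:40:06 server postfix/smtpd[2213]: NOQUEUE: reject: RCPT from host14-206.pool8172.interbusiness.it[81.72.206.14]: 554 <admin@home.example>: Recipient address rejected: User unknown; from=<carl@three.example> to=<admin@home.example> proto=SMTP helo=<three.example>
Dec 16 23:40:08 server postfix/smtpd[2214]: NOQUEUE: reject: RCPT from host14-206.pool8172.interbusiness.it[81.72.206.14]: 554 <web@home.example>: Recipient address rejected: User unknown; from=<dora@four.example> to=<web@home.example> proto=SMTP helo=<four.example>
Dec 16 23:52:30 server postfix/smtpd[2230]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 554 <jon@home.example>: Recipient address rejected: User unknown; from=<friend@elsewhere.example> to=<jon@home.example> proto=SMTP helo=<elsewhere.example>
Dec 16 23:52:31 server postfix/smtpd[2230]: disconnect from unknown[192.0.2.77]
"""

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: \w+ from (?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) .*?from=<(?P<sender>[^>]*)>"
)


def summarize_rejects(log_text, year=2004):
    """Group reject lines by connecting IP. syslog omits the year, so the
    caller supplies one (2004 here is an assumption)."""
    stats = defaultdict(
        lambda: {"rejects": 0, "senders": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = stats[m["ip"]]
        entry["rejects"] += 1
        entry["senders"].add(m["sender"].lower())
        entry["first"] = entry["first"] or when
        entry["last"] = when
    return dict(stats)


def flood_sources(stats, min_rejects=3, max_avg_gap=5.0):
    """IPs with at least min_rejects rejects arriving, on average, no more
    than max_avg_gap seconds apart."""
    flagged = []
    for ip, entry in stats.items():
        if entry["rejects"] < max(min_rejects, 2):
            continue
        span = (entry["last"] - entry["first"]).total_seconds()
        if span / (entry["rejects"] - 1) <= max_avg_gap:
            flagged.append(ip)
    return sorted(flagged)


def drop_rule(ip):
    """Text of an iptables rule dropping SMTP from one IPv4 address. The value
    came from a log file, so it is validated before being put in a command."""
    checked = ipaddress.IPv4Address(ip)   # raises ValueError on anything else
    return f"iptables -I INPUT -s {checked} -p tcp --dport 25 -j DROP"


if __name__ == "__main__":
    summary = summarize_rejects(SAMPLE_LOG)
    for ip in flood_sources(summary):
        entry = summary[ip]
        print(f"{ip}: {entry['rejects']} rejects, "
              f"{len(entry['senders'])} different envelope senders")
        print("  review, then run as root:", drop_rule(ip))
```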







Re: [newbie] Virus laden e-mail

2004-12-16 Thread Inhabitant of Zion
Hi

OK I've read with interest some of your replies. It would seem that
what I have actually been doing is rejecting any emails sent to me
whereby the user is not registered on my server. 

It would seem that the option in my server manager panel that handles
postfix and that I thought was bouncing them back was not! It is
actually sending a reject code 554 when the user is not recognised to
the originating server. I did not realise it did this and only found
out by asking on the user forum for my server's version of Linux. I
was only coherently able to do this because of the helpful comments I
gleaned from this list! 

Just goes to show my server has been very well set up, with fools like
me in mind, so we don't make monumental admin screw ups!

I am sorry about my loose terminology which I think may have been the
cause of all this.

However in my defence it did spawn a useful dialogue.

Basically my home network (for those interested) consists of -

1 x Linux server 

2 x Mandrake 10.1 Official workstations (for me and the wife to do
most of our computing - these are the only machines that have been set
up to get e-mail) 

1 x Winblows box (I use some complicated mapping software that won't
run under wine, and also an Internet database of Rights of Way that I
use is only compatible with IE. For some reason the scripts just won't
work properly in Mozilla and there are too few Linux people using it
to justify the creators spending the time to fix it. Not ideal but I
can cope with it as I have to have the machine for the mapping
software anyway)

I use three accounts for email. Two of them are used for lists and
public forums and are pop accounts. One does all the computer related
stuff and the other handles all the other misc interests I have :-).
The last one is my own private addy that is on my server and that I am
careful who I tell about! 

My server does receive mail direct. I have to use my ISP for SMTP to
send mail from this particular address, or as I found out in
another of my learning curves, it ends up getting reported as spam!

I have ClamAV installed on the server and I also have Spam Assassin
but I think I need to do some research as I don't think I am using it
to its full potential.

Anyway it seems to have done the trick as the problem seems to have
resolved itself.

Cheers 

-- 
  John Willby Registered Linux user number 321644
  ICQ: 92791912  MSN: [EMAIL PROTECTED]
  Linux is like a wigwam - No Gates, no Windows, Apache inside.
 07:14:53 up 4 days, 22:23,  1 user,  load average: 0.04, 0.04, 0.00





Re: [newbie] Virus laden e-mail

2004-12-16 Thread Inhabitant of Zion
Hi

It's a windows virus -

Zafi.D

It seems it gets your address from somewhere and then starts sending
you an email every 2 seconds.

I have set up so they all go straight to the trash but it sure is a
pain in the neck as I am having to remove from the trash about 1800
every hour.

Glad I've got some reasonable bandwidth or my Internet connection
would have locked up solid by now.

GRRR!

-- 
  John Willby Registered Linux user number 321644
  ICQ: 92791912  MSN: [EMAIL PROTECTED]
  Linux is like a wigwam - No Gates, no Windows, Apache inside.
 16:27:08 up 4 days,  7:35,  1 user,  load average: 1.10, 1.24, 1.12





Re: [newbie] Virus laden e-mail

2004-12-16 Thread John Bowden
On Thursday 16 Dec 2004 16:32, Inhabitant of Zion wrote:
 Hi

 It's a windows virus -

 Zafi.D

 It seems it gets your address from somewhere and then starts sending
 you an email every 2 seconds.

 I have set up so they all go straight to the trash but it sure is a
 pain in the neck as I am having to remove from the trash about 1800
 every hour.

 Glad I've got some reasonable bandwidth or my Internet connection
 would have locked up solid by now.

 GRRR!

Phew that's a relief. I use win less and less these days. Aiming to dump it 
altogether when I know enough linux. So how do I check to see if clam is 
working?





Re: [newbie] Virus laden e-mail

2004-12-16 Thread JoeHill
On Thu, 16 Dec 2004 17:25:38 +
Inhabitant of Zion disseminated the following:

  So zap them before they even hit your machine:
  
  
 
 Just found out how to set my server to return to sender all mails to
 unknown users.
 
 Not ideal but at least I am getting a bit of peace and quiet again!

Hmmm, IMHO, bouncing spam is not a Good Thing. More unnecessary traffic on an
already overburdened 'Net.

If you want to get back at spammers, take some time, do a trace and/or a whois,
and report them to the Service Provider. Takes more time, but in the long run,
if everyone did this, well, it would totally destroy the cost/benefit ratio for
spammers.

-- 
JoeHill / RLU #282046 / www.freeyourmachine.org
13:20:13 up 25 days, 4:31, 4 users, load average: 0.13, 0.07, 0.01
+++
Wealth is the relentless enemy of understanding. -- John Kenneth Galbraith





Re: [newbie] Virus laden e-mail

2004-12-16 Thread jdow
To: [EMAIL PROTECTED]
  
  So zap them before they even hit your machine:
  
  
 
 Just found out how to set my server to return to sender all mails to
 unknown users.
 
 Not ideal but at least I am getting a bit of peace and quiet again!
 
 :-)
 
 -- 
   John Willby Registered Linux user number 321644
   ICQ: 92791912  MSN: [EMAIL PROTECTED]

Yes, your MSN monicker is indeed correct. You are a sillydilly. NEVER
return to sender. It is highly impolite and turns you into a spam relay.
The Return-Path:, Reply-To:, and From: headers in spam mail are virtually
always forged. So you are forwarding the spam to innocents. When I find
some idiot doing this I place a divert to /dev/null block on them in my
procmail script. If they ever do have to send me real email it's too bad
for them. They're gone.

{^_^}






Re: [newbie] Virus laden e-mail

2004-12-15 Thread Dan Gordon
On Wednesday 15 December 2004 07:32 pm, Greg Meyer wrote:
 Is anybody else on this list getting bombarded with virus laden
 e-mail from a particular ip address in Australia?

I got one a few hours ago, but so far just one and I thought it was 
addressed to the list.  I did what I always do with them *DEL*
I am on cable here and do get a lot of them from time to time.
Oh yeah there is this new worm out was made just for Christmas.
Sick bast**s

Regards,
Dan Gordon
-- 
Wed Dec 15 23:22:27 EST 2004
 23:22:27 up 11:53,  1 user,  load average: 0.10, 0.05, 0.01
Conversation enriches the understanding, but solitude is the school of 
genius.





Re: [newbie] Virus laden e-mail

2004-12-15 Thread jdow
From: Greg Meyer [EMAIL PROTECTED]

 Is anybody else on this list getting bombarded with virus laden e-mail
 from a particular ip address in Australia?

 Whoever it is is sending to the address that I use for the Mandrake lists,
 so I am thinking it may be one of our newbie windows users.

 If you use windows and are in Australia, please check your box for
 viruses.
 -- 
 /g

For what it is worth a netsky variant went through one of the Mandrake
lists this morning.

{^_^}







Re: [newbie] Virus laden e-mail

2004-12-15 Thread Dan Gordon
On Wednesday 15 December 2004 11:28 pm, Dan Gordon wrote:
 Oh yeah there is this new worm out was made just for Christmas.
 Sick bast**s

Here is the link.
http://edition.cnn.com/2004/TECH/internet/12/15/holiday.worm/index.html

Regards,
Dan Gordon
-- 
Wed Dec 15 23:32:08 EST 2004
 23:32:08 up 12:03,  1 user,  load average: 0.10, 0.07, 0.01
Only a mediocre person is always at his best.
-- Laurence Peter





Re: [newbie] Virus laden e-mail

2004-12-15 Thread Todd Slater
On Wed, Dec 15, 2004 at 07:32:54PM -0500, Greg Meyer wrote:
 Is anybody else on this list getting bombarded with virus laden e-mail from a 
 particular ip address in Australia?
 
 Whoever it is is sending to the address that I use for the Mandrake lists, so 
 I am thinking it may be one of our newbie windows users.
 
 If you use windows and are in Australia, please check your box for viruses.

Prolly that Kuhn guy.





RE: [newbie] Virus laden e-mail

2004-12-15 Thread Hugh Dixon
What's the IP address?

I fit the profile, and as our windows admin is not around, I cannot
check the status of our antivirus software...


hd
-Original Message-
From: Greg Meyer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 16 December 2004 11:33 AM
To: [EMAIL PROTECTED]
Subject: [newbie] Virus laden e-mail


Is anybody else on this list getting bombarded with virus laden e-mail
from a particular ip address in Australia?

Whoever it is is sending to the address that I use for the Mandrake
lists, so I am thinking it may be one of our newbie windows users.

If you use windows and are in Australia, please check your box for
viruses.
-- 
/g






Re: [newbie] Virus laden e-mail

2004-12-15 Thread Inhabitant of Zion
Hi

I have been getting a load from Germany and also a shed load yesterday
from DHTMLcentral.

Nice...

-- 
  John Willby Registered Linux user number 321644
  ICQ: 92791912  MSN: [EMAIL PROTECTED]
  Linux is like a wigwam - No Gates, no Windows, Apache inside.
 07:27:01 up 3 days, 22:35,  1 user,  load average: 0.00, 0.02, 0.02





Re: [newbie] Virus laden e-mail

2004-12-15 Thread Charles A Edwards
On Thu, 16 Dec 2004 07:27:02 +
Inhabitant of Zion wrote:

 I have been getting a load from Germany and also a shed load yesterday
 from DHTMLcentral.


I feel neglected and under privileged.

I do not get any that are not picked up by either my filters or clamav.



Charles

-- 
Talking much about oneself can also be a means to conceal oneself.
-- Friedrich Nietzsche
-
Mandrake Linux 10.2 on PurpleDragon
2.6.8.1-20mdk-i686-up-64GB
http://www.eslrahc.com
-




[newbie] Virus laden e-mail

2004-12-15 Thread Greg Meyer
Is anybody else on this list getting bombarded with virus laden e-mail from a 
particular ip address in Australia?

Whoever it is is sending to the address that I use for the Mandrake lists, so 
I am thinking it may be one of our newbie windows users.

If you use windows and are in Australia, please check your box for viruses.
-- 
/g

