On Fri, Apr 30, 2004 at 11:32:01AM +1000, Jared Pritchard wrote: > Has anyone got ANY idea on what could be happening? Has our linux server got > a virus? (!?!!?!!) Is someone using our machine as an open relay? (I did
No. All the latest viruses forge the sender address. Someone else is infected and the virus has used your domain as the sender. My usual response is something like this sent to the postmaster at the site which sent the virus notification: > WARNING! Your message was infected by VIRUS: > Worm.SomeFool.Z Well done. You bloody idiot. You've notified the one person you can be absolutely certain did *not* send the message. This worm and pretty much every virus/worm released in the last couple of years are known to forge the sender address. Turn off notification. It's pointless, except to advertise the fact that you're too stupid to configure your AV scanner. > If you have a good idea on what the problem may be, please email me directly OK, done. Cheers, John -- If I'm at work 30 minutes early, you'd be better off if I was in at the regular time _and_ stoned. -- Graham Reed -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html