rayit
1st December 2005, 13:51
I am being spammed by Sober.U virus warnings and warnings that messages cannot be sent to, for example, Office@cia.gov
They seem to be sent from my own account web2_rmarx@ns1.rayit.com
What can I do about this?
How do I stop ClamAV from mailing the person who sent the virus?
Does somebody have advice?
I checked all my PCs and there are no viruses on them etc.
I added 3 parts of the log file
many thanks
Raymond
RayIT
--------------------------------------------------------------------------
Dec 1 07:16:42 localhost postfix/qmgr[23657]: 2FAF0372851: from=<web2_rmarx@ns1.rayit.com>, size=999, nrcpt=1 (queue active)
Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************** **********************
Dec 1 07:16:42 localhost TrashScan[8676]: Suspicious code in mail attachment detected !!!
Dec 1 07:16:42 localhost TrashScan[8676]: From: Post@fbi.gov
Dec 1 07:16:42 localhost TrashScan[8676]: To: mailingbox@rayit.com
Dec 1 07:16:42 localhost TrashScan[8676]: Subj: Your IP was logged
Dec 1 07:16:42 localhost TrashScan[8676]: Date: Thu, 01 Dec 2005 06:09:55 GMT
Dec 1 07:16:42 localhost TrashScan[8676]: Virus: Worm.Sober.U
Dec 1 07:16:42 localhost TrashScan[8676]: Alert: Not sent
Dec 1 07:16:42 localhost TrashScan[8676]: Notification: Messages sent to Post@fbi.gov and mailingbox@rayit.com
Dec 1 07:16:42 localhost TrashScan[8676]: Check mail.virus !!!
Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************** **********************
-------------------------------------------------------------------------
MANY MESSAGES
from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
Dec 1 06:39:04 localhost postfix/qmgr[23657]: 8B09637293E: from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
Dec 1 06:39:04 localhost postfix/qmgr[23657]: 877EF372911: from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
-----------------------------------------------------------------------
MANY MESSAGES
Dec 1 06:40:35 localhost postfix/qmgr[23657]: 8741D37282A: to=<Office@cia.gov>, relay=none, delay=41828, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: DDC1A372839: to=<Office@cia.gov>, relay=none, delay=41822, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: DC7F5372924: to=<Office@cia.gov>, relay=none, delay=41750, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: DFF2C37283F: to=<Office@cia.gov>, relay=none, delay=41757, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: 05ECC372860: