Navigation

rayit · #1 1st December 2005, 12:51

I am spammed by sober.U virus warnings and warings that messages can not be send to for example Office@cia.gov
They seem to be send from my own account web2_rmarx@ns1.rayit.com

What can I do about this?

How to stop that clamAV mails to the person who send teh virus?

DOes somebody has advise?
I checked all my pc's and there are no virus on them etc..

I added 3 parts of log file
many thanks

Raymond
RayIT

--------------------------------------------------------------------------
Dec 1 07:16:42 localhost postfix/qmgr[23657]: 2FAF0372851: from=<web2_rmarx@ns1.rayit.com>, size=999, nrcpt=1 (queue active)
Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************** **********************
Dec 1 07:16:42 localhost TrashScan[8676]: Suspicious code in mail attachment detected !!!
Dec 1 07:16:42 localhost TrashScan[8676]: From: Post@fbi.gov
Dec 1 07:16:42 localhost TrashScan[8676]: To: mailingbox@rayit.com
Dec 1 07:16:42 localhost TrashScan[8676]: Subj: Your IP was logged
Dec 1 07:16:42 localhost TrashScan[8676]: Date: Thu, 01 Dec 2005 06:09:55 GMT
Dec 1 07:16:42 localhost TrashScan[8676]: Virus: Worm.Sober.U
Dec 1 07:16:42 localhost TrashScan[8676]: Alert: Not sent
Dec 1 07:16:42 localhost TrashScan[8676]: Notification: Messages sent to Post@fbi.gov and mailingbox@rayit.com
Dec 1 07:16:42 localhost TrashScan[8676]: Check mail.virus !!!
Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************** **********************

-------------------------------------------------------------------------
MANY MESSAGES
from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
Dec 1 06:39:04 localhost postfix/qmgr[23657]: 8B09637293E: from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
Dec 1 06:39:04 localhost postfix/qmgr[23657]: 877EF372911: from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
-----------------------------------------------------------------------
MANY MESSAGES

Dec 1 06:40:35 localhost postfix/qmgr[23657]: 8741D37282A: to=<Office@cia.gov>, relay=none, delay=41828, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: DDC1A372839: to=<Office@cia.gov>, relay=none, delay=41822, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: DC7F5372924: to=<Office@cia.gov>, relay=none, delay=41750, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: DFF2C37283F: to=<Office@cia.gov>, relay=none, delay=41757, status=deferred (delivery temporarily suspended: connect to relay7$
Dec 1 06:40:35 localhost postfix/qmgr[23657]: 05ECC372860:

till · #2 1st December 2005, 12:55

http://www.howtoforge.com/forums/showthread.php?t=911

The virus must not be on one of your computers. the email viruses chose the sender adresses randomly from the addressbooks of the infected computer.

rayit · #3 1st December 2005, 13:04

can I also do something against 1000 mails in the queue, except from postsupe -d ALL?

7C992372829 1000 Thu Dec 1 12:57:08 web2_rmarx@ns1.rayit.com
(connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

48491372761 1000 Thu Dec 1 12:57:05 web2_rmarx@ns1.rayit.com
(connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

4B85E372849 1000 Thu Dec 1 12:57:33 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

41EB737290D 1000 Thu Dec 1 12:57:59 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

63A2E37282D 1000 Thu Dec 1 12:57:08 web2_rmarx@ns1.rayit.com
(connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

69DD9372846 1000 Thu Dec 1 12:57:27 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

64BA337285B 1000 Thu Dec 1 12:57:42 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

6C2B7372902 1000 Thu Dec 1 12:57:53 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

61F64372921 1000 Thu Dec 1 12:58:19 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

66BCE372839 1000 Thu Dec 1 12:58:22 web2_rmarx@ns1.rayit.com
(delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
Admin@cia.gov

greetings

Raymond

till · #4 1st December 2005, 13:12

Its "postsuper -d ALL"

I dont think there is another solution. Maybe you can write a script that deletes some mails selectively wit "postsuper -d [MAILID]".

rayit · #5 1st December 2005, 14:00

many thanks for advise

-------------------------------------------------
mailq | tail +2 | awk 'BEGIN { RS = "" }
# $7=sender, $8=recipient1, $9=recipient2
{ if ($8 == "Admin@cia.gov" && $9 == "")
print $1 }
' | tr -d '*!' | postsuper -d -
-----------------------------------------------------
This deleted the messages..going to Admin@cia.gov

greetings

Raymond
RayIT

Navigation

Facebook

News

Recent comments

Newsletter