Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 24th October 2006, 08:11
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 189
Thanks: 8
Thanked 15 Times in 7 Posts
Red face WORMS, Wurms, Crawling BUGS!

Hi,
I still experience some worms have free roaming through the server like the w32.stration
What is there to do about these worms?
Reply With Quote
Sponsored Links
  #2  
Old 24th October 2006, 08:25
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,146
Thanks: 4
Thanked 55 Times in 51 Posts
Default

Well, w32.stration won't do any harm on a linux server... however clients that use windows and download email containing the worm may be harmed.

Have you installed any antivirus scanner on your server?
Reply With Quote
  #3  
Old 24th October 2006, 08:34
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 189
Thanks: 8
Thanked 15 Times in 7 Posts
Default

Is that not what CLAMAV and Freshclam is doing there?
Freshclam updates the AV DB and ClamAV scan the mail for viri? Yes the Linux is not my concern, however the windows user connecting and fetching his mail is were the problems manifest!
Reply With Quote
  #4  
Old 24th October 2006, 08:57
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,146
Thanks: 4
Thanked 55 Times in 51 Posts
Default

Clamav should actually delete the virus. However I think you have to pipe the mail through the clamav scanner. I don't think it does it automatically... well, I'm not using any anti-virus software on my email server so I can't tell for sure.
Reply With Quote
  #5  
Old 24th October 2006, 09:44
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,406
Thanks: 834
Thanked 5,496 Times in 4,326 Posts
Default

If you use ISPConfig, you will just have to enable the "Antivirus" checkbox in the settings of the mail user and ISPConfig will pipe all mail trough ClamAV.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 24th October 2006, 11:05
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 189
Thanks: 8
Thanked 15 Times in 7 Posts
Default

Yes it does, and it is enabled, however these specific Worms still pass into maiboxes, Most others get caught, these actually pass through.

Plse google for:

W32.Stration

althow the W32.Stration@mm is called Worm.Stration.A (ClamAV), some strains lately does not get caught. I did an /home/admispconfig/ispconfig/tools/clamav/bin/freshclam and the resul was
Quote:
ClamAV update process started at Tue Oct 24 11:01:06 2006
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/faq.html for an explanation.
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.4 Recommended version: 0.88.5
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 40, sigs: 64138, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 2087, sigs: 10111, f-level: 8, builder: ccordes)
Witch meant that my ClamAV DB is fine!
Reply With Quote
  #7  
Old 25th October 2006, 15:04
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
 
Default

Quote:
Originally Posted by Morons
althow the W32.Stration@mm is called Worm.Stration.A (ClamAV), some strains lately does not get caught.
It's possible that this worm is not in ClamAV's database yet. Although the ClamAV database contains most of the viruses/worms, it's still a project maintained by volunteers.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HotSaNIC domino Tips/Tricks/Mods 23 6th November 2006 05:19


All times are GMT +2. The time now is 10:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.