I am spammed by sober.U virus from my own account?

Discussion in 'General' started by rayit, Dec 1, 2005.

  1. rayit

    rayit New Member

    I am spammed by sober.U virus warnings and warnings that messages cannot be sent to, for example, Office@cia.gov
    They seem to be sent from my own account web2_rmarx@ns1.rayit.com

    What can I do about this?

    How do I stop clamAV from mailing the person who sent the virus?

    Does somebody have advice?
    I checked all my PCs and there are no viruses on them etc.

    I added 3 parts of log file
    many thanks

    Raymond
    RayIT

    --------------------------------------------------------------------------
    Dec 1 07:16:42 localhost postfix/qmgr[23657]: 2FAF0372851: from=<web2_rmarx@ns1.rayit.com>, size=999, nrcpt=1 (queue active)
    Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************************************
    Dec 1 07:16:42 localhost TrashScan[8676]: Suspicious code in mail attachment detected !!!
    Dec 1 07:16:42 localhost TrashScan[8676]: From: Post@fbi.gov
    Dec 1 07:16:42 localhost TrashScan[8676]: To: mailingbox@rayit.com
    Dec 1 07:16:42 localhost TrashScan[8676]: Subj: Your IP was logged
    Dec 1 07:16:42 localhost TrashScan[8676]: Date: Thu, 01 Dec 2005 06:09:55 GMT
    Dec 1 07:16:42 localhost TrashScan[8676]: Virus: Worm.Sober.U
    Dec 1 07:16:42 localhost TrashScan[8676]: Alert: Not sent
    Dec 1 07:16:42 localhost TrashScan[8676]: Notification: Messages sent to Post@fbi.gov and mailingbox@rayit.com
    Dec 1 07:16:42 localhost TrashScan[8676]: Check mail.virus !!!
    Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************************************

    -------------------------------------------------------------------------
    MANY MESSAGES
    from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
    Dec 1 06:39:04 localhost postfix/qmgr[23657]: 8B09637293E: from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
    Dec 1 06:39:04 localhost postfix/qmgr[23657]: 877EF372911: from=<web2_rmarx@ns1.rayit.com>, size=1002, nrcpt=1 (queue active)
    -----------------------------------------------------------------------
    MANY MESSAGES

    Dec 1 06:40:35 localhost postfix/qmgr[23657]: 8741D37282A: to=<Office@cia.gov>, relay=none, delay=41828, status=deferred (delivery temporarily suspended: connect to relay7$
    Dec 1 06:40:35 localhost postfix/qmgr[23657]: DDC1A372839: to=<Office@cia.gov>, relay=none, delay=41822, status=deferred (delivery temporarily suspended: connect to relay7$
    Dec 1 06:40:35 localhost postfix/qmgr[23657]: DC7F5372924: to=<Office@cia.gov>, relay=none, delay=41750, status=deferred (delivery temporarily suspended: connect to relay7$
    Dec 1 06:40:35 localhost postfix/qmgr[23657]: DFF2C37283F: to=<Office@cia.gov>, relay=none, delay=41757, status=deferred (delivery temporarily suspended: connect to relay7$
    Dec 1 06:40:35 localhost postfix/qmgr[23657]: 05ECC372860:
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

  3. rayit

    rayit New Member

    thanks

    Can I also do something about the 1000 mails in the queue, apart from postsupe -d ALL?

    7C992372829 1000 Thu Dec 1 12:57:08 web2_rmarx@ns1.rayit.com
    (connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    48491372761 1000 Thu Dec 1 12:57:05 web2_rmarx@ns1.rayit.com
    (connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    4B85E372849 1000 Thu Dec 1 12:57:33 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    41EB737290D 1000 Thu Dec 1 12:57:59 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    63A2E37282D 1000 Thu Dec 1 12:57:08 web2_rmarx@ns1.rayit.com
    (connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    69DD9372846 1000 Thu Dec 1 12:57:27 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    64BA337285B 1000 Thu Dec 1 12:57:42 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    6C2B7372902 1000 Thu Dec 1 12:57:53 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    61F64372921 1000 Thu Dec 1 12:58:19 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov

    66BCE372839 1000 Thu Dec 1 12:58:22 web2_rmarx@ns1.rayit.com
    (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out)
    Admin@cia.gov



    greetings

    Raymond
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    It's "postsuper -d ALL" ;)

    I don't think there is another solution. Maybe you can write a script that deletes some mails selectively with "postsuper -d [MAILID]".
     
  5. rayit

    rayit New Member

    Solved..

    Many thanks for the advice :)
    -------------------------------------------------
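    # Delete queued mails whose only recipient is Admin@cia.gov.
    # tail -n +2 skips the mailq header line; grep drops the "(connect to ...)"
    # reason lines so that $8 is the first recipient; tr strips the */! status
    # flags from the queue ID before it is handed to postsuper.
    mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" }
    # $7=sender, $8=recipient1, $9=recipient2
    { if ($8 == "Admin@cia.gov" && $9 == "")
    print $1 }
    ' | tr -d '*!' | postsuper -d -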
    -----------------------------------------------------
    This deleted the messages going to Admin@cia.gov ;)

    greetings

    Raymond
    RayIT
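
A dry-run variant of the selective deletion in the last post, added here as an example that is not part of the thread: it goes beyond the one-liner by selecting on the envelope sender as well and by requiring every recipient of a message to match, so mail that also goes to a legitimate address stays in the queue. The function name, the recipient pattern and the sample queue listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run selector for Postfix queue IDs (not from the thread).
# Reads `mailq` output on stdin and prints the IDs whose envelope sender is
# exactly $1 and whose recipients ALL match the awk regex $2 (tested against
# the lower-cased address). Assumes short hexadecimal queue IDs.
select_queue_ids() {
    SENDER="$1" RCPT_RE="$2" awk '
        function emit() {
            if (id != "" && from == ENVIRON["SENDER"] && nrcpt > 0 && !bad) print id
            id = ""; from = ""; nrcpt = 0; bad = 0
        }
        /^-/        { next }             # column header and "-- N Kbytes" trailer
        /^[ \t]*$/  { emit(); next }     # blank line closes a queue entry
        /^[ \t]*\(/ { next }             # "(connect to ...)" deferral reason
        id == "" && /^[0-9A-F]+[*!]?[ \t]/ {
            id = $1; sub(/[*!]$/, "", id)   # strip active/hold flag
            from = $7; next                 # $7 = sender, as in the one-liner
        }
        { nrcpt++; if (tolower($1) !~ ENVIRON["RCPT_RE"]) bad = 1 }
        END { emit() }
    '
}

# Constructed mailq output (queue IDs and the example.* names are made up).
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1A2B3C4D5E6     1000 Thu Dec  1 12:57:08  web2_rmarx@ns1.rayit.com
          (connect to mx.example[192.0.2.1]: Connection timed out)
                                         Admin@cia.gov

2B3C4D5E6F7*    1002 Thu Dec  1 12:57:33  web2_rmarx@ns1.rayit.com
                                         Office@cia.gov

3C4D5E6F7A8      812 Thu Dec  1 12:58:01  web2_rmarx@ns1.rayit.com
                                         customer@example.org

4D5E6F7A8B9      640 Thu Dec  1 12:58:19  web2_rmarx@ns1.rayit.com
                                         Post@fbi.gov
                                         customer@example.org

5E6F7A8B9C0      999 Thu Dec  1 12:58:22  someone@example.net
                                         Admin@cia.gov

-- 4 Kbytes in 5 Requests.
EOF
}

# Review the printed IDs first; only then pipe the same command into `postsuper -d -`.
# sample_mailq | select_queue_ids web2_rmarx@ns1.rayit.com '@(cia|fbi)[.]gov$'
```

On a live server, replace `sample_mailq` with `mailq` and check the printed IDs against `postcat -q ID` for a few entries before deleting anything.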
     
