sobig virus

Joe Stuart jstuart at EDENPR.K12.MN.US
Thu Aug 21 17:31:47 IST 2003


>>> Antony at SOFT-SOLUTIONS.CO.UK 08/20/03 04:40PM >>>
On Wednesday 20 August 2003 6:08 pm, Joe Stuart wrote:

> I was wrong, it did not go through mailscanner. Uly told me that some of
> the newer viruses are using lower mx records, so we did some
> investigating and it turns out that the company that handles our
> external dns had an old entry for a backup mailserver that should not
> have been there that the virus was relaying through.

So.... the virus went through an old mail relay with a higher MX value...

Surely all that machine did was to forward the mail to the system with the
lower MX value, where it got scanned and detected?

Or am I missing something about your setup here?

Antony.

--


In our setup we have a server running Sendmail, Mailscanner, SA and
f-prot that has a MX value of 10. Mail is received on that server, which
then transports it to a groupwise server that delivers it to the
clients. The groupwise server was in the DNS with a MX value of 100 that
I had no idea about. Since it appeared that mail was coming in without
being scanned we went in and closed the groupwise server off to the
outside world. Then the viruses stopped coming in. If there are any
suggestions on how things could be set up better I'm open to ideas.

Thanks
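
The bypass described in this thread, a leftover MX record pointing straight at the internal GroupWise server, can be caught by auditing a zone's MX records against the hosts that actually run the scanner. The following is an added example, not part of the original post: the zone excerpt is constructed, and the host names and gateway list are hypothetical.

```python
import re

# Constructed zone-file excerpt modelled on the setup in the post:
# a scanning gateway at preference 10 and a forgotten entry at 100.
# All host names are hypothetical.
SAMPLE_ZONE = """\
$ORIGIN example.org.
@        IN MX 10  scan.example.org.
@        IN MX 100 groupwise.example.org.
lists    IN MX 10  scan.example.org.
www      IN A      192.0.2.10
"""

# Hosts known to run the scanning pipeline (assumption for this example).
SCANNING_GATEWAYS = {"scan.example.org."}

# Simplification: only lines with an explicit owner name and an absolute
# (dot-terminated) exchange are handled; optional TTL and class are allowed.
MX_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(?P<pref>\d+)\s+(?P<host>\S+)",
    re.IGNORECASE,
)


def parse_mx(zone_text):
    """Return (owner, preference, exchange) for each MX line in zone_text."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()  # drop zone-file comments
        m = MX_RE.match(line)
        if m:
            records.append((m["owner"], int(m["pref"]), m["host"].lower()))
    return records


def unscanned_mx(zone_text, gateways):
    """MX records whose exchange is not a scanning gateway.

    Preference does not matter for this check: a sender can connect to any
    listed MX, so every exchange has to be a host that scans.
    """
    allowed = {g.lower() for g in gateways}
    return [r for r in parse_mx(zone_text) if r[2] not in allowed]


if __name__ == "__main__":
    for owner, pref, host in unscanned_mx(SAMPLE_ZONE, SCANNING_GATEWAYS):
        print(f"{owner}: MX {pref} {host} is reachable without scanning")
```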


