MyDoom.O sneaking through!

Peter Peters P.G.M.Peters at utwente.nl
Wed Aug 4 19:28:33 IST 2004


On Wed, 4 Aug 2004 10:03:37 -0700, you wrote:

>Hi everyone,
>
>I'm running the latest version of MailScanner (just updated yesterday)
>and for some reason, MyDoom.O is occasionally getting through. According
>to my logs, in the last week, I've had 11,001 messages with MyDoom.O
>blocked...but I know that some of them are getting through because I had
>someone send me a zip file that they received today and the virus was
>completely intact and waltzed right through the system.
>
>How do I troubleshoot and fix this?

Start by examining the headers to check whether the message got through
your system.

Next check the logs of your system and pay close attention to the
queue-ID (at least with sendmail). A grep for just the ID will show you
all relevant lines. Did you get a few lines for the incoming MTA session
and (at least) one for the outgoing MTA? And did the incoming line
mention "queued"?

--
Peter Peters, senior network administrator
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telephone: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
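
The queue-ID check suggested in the reply above, as an added example that is not part of the original message: it collects every sendmail log line for one queue-ID and reports whether the incoming session logged "queued" before an outgoing delivery. The log lines, host names and queue-IDs are constructed, and reading a delivery with no "queued" line as a message that was not held in the queue for scanning is an assumption of this sketch.

```python
import re

# Constructed sample in sendmail's usual syslog layout (not from the post).
SAMPLE_LOG = """\
Aug  4 10:03:38 mx sendmail[2101]: i74H3bAA002101: from=<a@example.org>, size=31212, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.org [192.0.2.10]
Aug  4 10:03:38 mx sendmail[2101]: i74H3bAA002101: to=<user@example.com>, delay=00:00:01, mailer=esmtp, pri=61212, stat=queued
Aug  4 10:03:45 mx sendmail[2150]: i74H3bAA002101: to=<user@example.com>, delay=00:00:08, mailer=esmtp, relay=inside.example.com. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Aug  4 10:05:02 mx sendmail[2200]: i74H50BB002200: from=<b@example.net>, size=29876, nrcpts=1, proto=ESMTP, daemon=MTA, relay=other.example.net [192.0.2.77]
Aug  4 10:05:02 mx sendmail[2200]: i74H50BB002200: to=<user@example.com>, delay=00:00:00, mailer=esmtp, relay=inside.example.com. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
STAT = re.compile(r"\bstat=(\w+)")


def trace(log_text, queue_id):
    """Summarise all sendmail lines that carry the given queue-ID."""
    seen = {"lines": 0, "received": False, "queued": False, "sent": False}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group("qid") != queue_id:
            continue
        seen["lines"] += 1
        rest = m.group("rest")
        if rest.startswith("from="):      # incoming MTA session
            seen["received"] = True
        elif rest.startswith("to="):      # queueing or delivery attempt
            s = STAT.search(rest)
            stat = s.group(1).lower() if s else ""
            if stat == "queued":
                seen["queued"] = True
            elif stat == "sent":
                seen["sent"] = True
    return seen


def verdict(seen):
    """Turn the summary into the answer to the questions in the reply."""
    if seen["lines"] == 0:
        return "not seen on this system"
    if not seen["received"]:
        return "no incoming session logged"
    if seen["queued"] and seen["sent"]:
        return "queued, then delivered"
    if seen["queued"]:
        return "queued, not yet delivered"
    if seen["sent"]:
        return "delivered without being queued"
    return "received only"
```
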


