Viruses from one IP - trend?
Kevin Old
kevinold at GMAIL.COM
Wed Jun 23 14:49:16 IST 2004
Hello everyone,
I've been using MailScanner for quite some time and love it! Thanks
to all who contribute to it.
I've recently seen a new trend on my mail server and wondered if
others experience it. On two separate occations, I've started
receiving viruses from one IP that "chose" my server to "hammer" with
viruses. The most recent "outbreak" had them coming at 7+ messages
per minute. The virus caught by both ClamAV and F-Prot was Zafi.B.
Again, all of the messages were from the same IP (as reported in the
MailScanner report for each virus caught). The only thing I found odd
was that in both cases the IP's that were reported weren't spoofed!
They were the actual IP's.
To remedy the situation, I ended up blocking all traffic from that IP
in my firewall and the "attacks" stop instantly.
Just wondering if anyone else had these experiences....
Thanks,
Kevin
--
Kevin Old
kevinold at gmail.com
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list