Viruses from one IP - trend? {Scanned}
Kevin Old
kevinold at GMAIL.COM
Wed Jun 23 17:04:54 IST 2004
Please forgive my ignorance, but I've not heard about Vispan. What is
it? A search on Google for Vispan didn't turn up anything.
Kevin
On Wed, 23 Jun 2004 08:57:18 -0700, Scott Silva <ssilva at sgvwater.com> wrote:
>
> Vispan will do it automagically.
> Been using it for a couple of months, and it has cut the mail load about 30%
> or more.
>
> ----- Original Message -----
> From: "Matthew K Bowman" <mkbowman at NEO.RR.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Wednesday, June 23, 2004 8:43 AM
> Subject: Re: Viruses from one IP - trend? {Scanned}
>
> Kevin Old wrote:
>
> >Hello everyone,
> >
> >I've been using MailScanner for quite some time and love it! Thanks
> >to all who contribute to it.
> >
> >I've recently seen a new trend on my mail server and wondered if
> >others experience it. On two separate occasions, I've started
> >receiving viruses from one IP that "chose" my server to "hammer" with
> >viruses. The most recent "outbreak" had them coming at 7+ messages
> >per minute. The virus caught by both ClamAV and F-Prot was Zafi.B.
> >
> >Again, all of the messages were from the same IP (as reported in the
> >MailScanner report for each virus caught). The only thing I found odd
> >was that in both cases the IPs that were reported weren't spoofed!
> >They were the actual IPs.
> >
> >To remedy the situation, I ended up blocking all traffic from that IP
> >in my firewall and the "attacks" stopped instantly.
> >
> >Just wondering if anyone else had these experiences....
> >
> >Thanks,
> >Kevin
> >--
> >Kevin Old
> >kevinold at gmail.com
> >
> >-------------------------- MailScanner list ----------------------
> >To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> >Before posting, please see the Most Asked Questions at
> >http://www.mailscanner.biz/maq/ and the archives at
> >http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> Yes indeed. Same virus too. I actually got blasted from 2 different IP
> addresses and did a couple of things
>
> 1. blacklisted their IP forcing the email to be tagged as {SPAM?} and
> spam action to delete
> 2. put their IP in /etc/mail/access with 'DENY'
>
> Is there a way to automatically block floods of virus from 1 IP address?
> Perhaps a new action called 'Virus Flood'?
> Actions are delete, quarantine etc?
>
> Maybe there is and I've overlooked this. Apologies if that's the case.
>
> Matthew
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
--
Kevin Old
kevinold at gmail.com
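
As an added example (not part of the thread, and not MailScanner or Vispan code), here is a sliding-window check for the pattern described above: one relay IP delivering 7 or more virus-infected messages within a minute. The log line format, function names and sample data are constructed for illustration; flagged addresses would then go to the firewall or /etc/mail/access, as the posters did by hand.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_lines():
    """Constructed input: one flooding relay and one slow relay (documentation IPs)."""
    base = datetime(2004, 6, 23, 10, 0, 0)
    flood = [(base + timedelta(seconds=8 * i), "192.0.2.10") for i in range(8)]
    slow = [(base + timedelta(minutes=2 * i), "198.51.100.7") for i in range(7)]
    return [f"{t:%Y-%m-%d %H:%M:%S} {ip} Zafi.B" for t, ip in flood + slow]

def parse(line):
    """Split one line of the assumed 'date time ip virus' format (not MailScanner's own)."""
    date, time, ip, virus = line.split()
    return datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), ip, virus

def find_flooders(lines, threshold=7, window=timedelta(seconds=60)):
    """Return {ip: time it first reached `threshold` detections inside `window`}."""
    recent = defaultdict(deque)  # ip -> detection times still inside the window
    flagged = {}
    for ts, ip, _virus in sorted(parse(l) for l in lines if l.strip()):
        q = recent[ip]
        q.append(ts)
        # Drop detections that have aged out of the sliding window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_flooders(sample_lines()).items():
        print(f"{ip} reached the flood threshold at {when}")
```

The slow relay sends the same number of infected messages overall but never reaches the per-minute threshold, so only the flooding relay is flagged.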