Sober
John Schmerold
john at KATY.COM
Thu May 5 17:01:35 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
It's been a bit of a problem. I have been keeping an eye on the log in
Mailwatch & adding an invalid route ( route add -net 71.96.173.0
netmask 255.255.255.0 gw 192.168.10.2) to keep the other end from
spewing its junk into our mail queue. It's been interesting to watch.
I'm seeing viruses come in from usual suspects (Hotmail & cable modems)
as well as from unlikely sources such as Dun & Bradstreet.
There is probably a better way using greylisting or by creating a Local
DNS Blocklist with RBLDNSD.
Greg Deputy wrote:
>I've not been having trouble with sober getting through, but have
>noticed a HUGE jump in viruses attempting to get through in the last 4
>days or so, majority of them being the sober virus.
>
>Anyone else noticing a spike in viruses?
>
>
>
>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Martin Hepworth
>>Sent: Thursday, May 05, 2005 8:44 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Sober
>>
>>
>>Only thing I've seem amongst the lists I'm on is that it
>>effects people who upgrade to 0.84.
>>
>>so.. make sure DatabaseDirectory is consistant in
>>freshclam.conf and clamd.cong..
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>
>>Jim Coates wrote:
>>
>>
>>>I apparently am suffering from something with this virus as well.
>>>
>>>My MailScanner/ClamAV setup had been working wonderfully until just
>>>the last couple of days when all of the sudden the Sober virus has
>>>been managing to get its ZIP files past without any problem at all.
>>>
>>>I looked back through the messaged regarding Sober here on
>>>
>>>
>>the group,
>>
>>
>>>but didn't see anything definite about how to stop this from
>>>happening.
>>>
>>>Seems I've seen some people who have the problem and some who don't.
>>>
>>>Has anyone found a solution to getting this stopped?
>>>
>>>Thanks,
>>>Jim Coates
>>>
>>>------------------------ MailScanner list
>>>
>>>
>>------------------------ To
>>
>>
>>>unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
>>>mailscanner' in the body of the email. Before posting, read
>>>
>>>
>>the Wiki
>>
>>
>>>(http://wiki.mailscanner.info/) and the archives
>>>(http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>>*Support MailScanner development - buy the book off the website!*
>>>
>>>
>>**********************************************************************
>>
>>This email and any files transmitted with it are confidential
>>and intended solely for the use of the individual or entity
>>to whom they are addressed. If you have received this email
>>in error please notify the system manager.
>>
>>This footnote confirms that this email message has been swept
>>for the presence of computer viruses and is believed to be clean.
>>
>>**********************************************************************
>>
>>------------------------ MailScanner list
>>------------------------ To unsubscribe, email
>>jiscmail at jiscmail.ac.uk with the words: 'leave mailscanner'
>>in the body of the email. Before posting, read the Wiki
>>
>>
>(http://wiki.mailscanner.info/) and the archives
>(http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list