strange maillog entries plus DoS messages in maillog
Scott Silva
ssilva at sgvwater.com
Wed Aug 30 20:08:45 IST 2006
Derek Catanzaro spake the following on 8/30/2006 11:22 AM:
> I have included portions of my log where it shows that it is extracting
> java classes. I have never seen this before in any of my logs and I'm
> trying to figure out why this is happening? I have also included the
> DoS message that is being logged. Has anyone ever seen this type of
> activity on their servers???
>
> MailScanner version 4.49.7
> Fedora Core 2
> 0.17 Mail::ClamAV
It looks as if a java .jar file was mailed to your system, and the virus
scanners are trying to extract it to check the contents. You could grep the
logs for that process number [6552] and get the message id at the beginning.
If the message is still on your system, or you have mailwatch, you could get
more info as to sender and recipient.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list