Solutions for huge amount of viruses/spam

Mikey van der Worp mvdworp at utelisys.com
Wed Mar 9 14:36:54 UTC 2016


The viruses are attached in a .zip file, and they contain an ActionScript file.

Some logs:

Wed Mar  9 15:24:39 2016 -> /var/spool/MailScanner/incoming/7002/A91471D202E.A81BC/nPayment_2016_March_451756.zip: OK
Wed Mar  9 15:29:28 2016 -> /var/spool/MailScanner/incoming/6913/E59FE1D17EB.AD539/nPayment_2016_March_767582.zip: Sanesecurity.Rogue.0hr.20160309-1152.UNOFFICIAL(749d3ff3f7daba2815c1d185a0e6f045:4463) FOUND
Wed Mar  9 15:29:52 2016 -> /var/spool/MailScanner/incoming/7002/0BFF01D17F6.AC86D/nPayment_2016_March_484985.zip: Sanesecurity.Rogue.0hr.20160309-1353.UNOFFICIAL(93469d8f6d8603b0fd26db4810dc7571:4283) FOUND
Wed Mar  9 15:31:12 2016 -> /var/spool/MailScanner/incoming/7097/9CE631D17CC.AC518/nPayment_2016_March_728879.zip: OK
Wed Mar  9 15:31:25 2016 -> /var/spool/MailScanner/incoming/6551/D8E3A1D17CC.A866B/nPayment_2016_March_733140.zip: OK
Wed Mar  9 15:31:46 2016 -> /var/spool/MailScanner/incoming/7097/337C91D17EB.A306C/nPayment_2016_March_129853.zip: OK
Wed Mar  9 15:32:44 2016 -> /var/spool/MailScanner/incoming/7002/335213C37D3.A8279/nPayment_2016_March_360255.zip: OK

As you can see, some of them do get detected and the others do not.


Mikey van der Worp <https://www.linkedin.com/profile/view?id=182619557>
System Engineer

Utelisys Communications B.V.
Trinity Buildings
Tower A, 7th floor
Pietersbergweg 15
1105 BM Amsterdam

M  +31 (0) 62 942 2052
T  +31 (0) 20 561 8010
F  +31 (0) 20 561 8021

LinkedIn <https://www.linkedin.com/company/utelisys-communications-b.v./> - Facebook <https://www.facebook.com/utelisyscommunications>

www.utelisys.com – https://www.utelisys.com/
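The log excerpt above shows attachments with the same naming pattern receiving both OK and FOUND verdicts. The following Python is an added example, not part of the original post and not MailScanner or ClamAV code: it groups ClamAV verdict lines by attachment name pattern and lists the messages that scanned OK in a pattern that was detected elsewhere, so they can be held for a rescan. It assumes the directory holding each attachment is named after the message ID, and it uses four of the log lines from the post as sample input.

```python
import re
from collections import defaultdict

# Four of the ClamAV verdict lines quoted in the post, used as sample input.
SAMPLE_LOG = """\
Wed Mar  9 15:24:39 2016 -> /var/spool/MailScanner/incoming/7002/A91471D202E.A81BC/nPayment_2016_March_451756.zip: OK
Wed Mar  9 15:29:28 2016 -> /var/spool/MailScanner/incoming/6913/E59FE1D17EB.AD539/nPayment_2016_March_767582.zip: Sanesecurity.Rogue.0hr.20160309-1152.UNOFFICIAL(749d3ff3f7daba2815c1d185a0e6f045:4463) FOUND
Wed Mar  9 15:29:52 2016 -> /var/spool/MailScanner/incoming/7002/0BFF01D17F6.AC86D/nPayment_2016_March_484985.zip: Sanesecurity.Rogue.0hr.20160309-1353.UNOFFICIAL(93469d8f6d8603b0fd26db4810dc7571:4283) FOUND
Wed Mar  9 15:31:12 2016 -> /var/spool/MailScanner/incoming/7097/9CE631D17CC.AC518/nPayment_2016_March_728879.zip: OK
"""

# "<timestamp> -> <path>: OK" or "<timestamp> -> <path>: <signature> FOUND"
LINE_RE = re.compile(r"^(?P<ts>.+?) -> (?P<path>/.+?): (?:OK|(?P<sig>\S+) FOUND)$")


def campaign_key(filename):
    """Collapse digit runs so per-message serial numbers do not split a campaign."""
    return re.sub(r"\d+", "#", filename)


def parse(log_text):
    """Return one record per verdict line; sig is None when the file scanned OK."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a per-file verdict line
        parts = m["path"].split("/")
        # Assumption: the directory holding the attachment is named after the message ID.
        records.append({"msg": parts[-2], "file": parts[-1], "sig": m["sig"]})
    return records


def missed_in_detected_campaigns(records):
    """Map each name pattern with at least one detection to the message IDs that scanned OK."""
    groups = defaultdict(list)
    for rec in records:
        groups[campaign_key(rec["file"])].append(rec)
    return {
        key: [r["msg"] for r in recs if r["sig"] is None]
        for key, recs in groups.items()
        if any(r["sig"] for r in recs)
    }


if __name__ == "__main__":
    for pattern, msgs in missed_in_detected_campaigns(parse(SAMPLE_LOG)).items():
        print(f"{pattern}: hold for rescan -> {', '.join(msgs)}")
```

A shared filename pattern is only a triage signal; legitimate mail can match it, so the output is a list to rescan or quarantine for review rather than a verdict.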

On 03/09/2016 03:33 PM, Jerry Benton wrote:
Define “virus” as the most popular complaint of viruses making it through are HTML attachments that download ransomware via an iframe, which technically are not viruses. (the HTML attachments)

-
Jerry Benton
www.mailborder.com



On Mar 9, 2016, at 9:29 AM, Mikey van der Worp <mvdworp at utelisys.com> wrote:

Gentlemen,

One of our customers opened a virus and now 2000+ emails are targeting us, most of them are either spam messages or viruses. Does anybody have a solution for this? Some of the viruses are coming through and some of them don't.

Our current setup is:
* clamav -> with unofficial rules (does not consume any cpu actually)
* spamassassin (with spamhaus etc)
* savscan (consuming a lot of our cpu and does not even detect 30%)
* mailscanner (high scoring spam = 4.0+, low scoring = 3.0)

I am willing to pay for a virus scanner, but if somebody can help me make the better choice of what to use with this, the viruses are the very annoying "invoice" emails. Does anybody suggest McAfee or Norton? Or another one?

Most viruses are actionscripts, doc and executables. We wish not to block the extension as this will block a lot of e-mails outgoing from our customers.

Best regards,
Mikey van der Worp



