> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Ian Lewis
> Sent: Friday, December 03, 2004 5:56 AM
>
>
> Hi,
>
> If anyone is interested this is how I use ClamAV.
>
> My mailserver is running Trustix Secure Linux with Postfix 2.1 as MTA.
> Incoming emails with attachments including .doc/.jpg are filtered
> into ClamAV
> by Amavis-new. If the message contains a virus (which is all too
> often true)
> it is quarantined on the server and a message is sent to 'postmaster'.
>
> The spoofed sender does not receive any notification and neither does the
> recipient. I keep the emails just in case a contact has sent a
> legitimate but
> infected email. That way we can retrieve it.
>
> Here is a list of recent activity for interest...
>
> Viruses stopped Yesterday: Thu Dec 2
> 29 Worm.SomeFool.P
> 22 Worm.SomeFool.Gen-1
> 14 Worm.Mydoom.M
> 8 Worm.SomeFool.Gen-2
> 8 Worm.Sober.I
> 5 Worm.SomeFool.Z
> 4 Worm.SomeFool.Q
> 1 Worm.Wurmark.A
> 1 Worm.SomeFool.AB
> 1 Worm.SomeFool.AA-2
> --------
> 93
>
> Viruses stopped this month (Dec)
>
> 80 Worm.SomeFool.P
> 51 Worm.SomeFool.Gen-1
> 19 Worm.SomeFool.Gen-2
> 17 Worm.Mydoom.M
> 12 Worm.Sober.I
> 10 Worm.SomeFool.Z
> 10 Worm.SomeFool.X
> 8 Worm.SomeFool.Q
> 2 Worm.SomeFool.AB
> 2 Worm.SomeFool.AA-2
> 1 Worm.Wurmark.A
> 1 Worm.Bagle.Y
> 1 Worm.Bagle.AU
> --------
> 214
>
> Viruses stopped last month (Nov)
>
> 874 Worm.SomeFool.P
> 550 Worm.SomeFool.Gen-1
> 256 Worm.SomeFool.Gen-2
> 245 Worm.Sober.I
> 220 Worm.SomeFool.Z
> 129 Worm.SomeFool.Q
> 89 Worm.Mydoom.M
> 53 Worm.Bagle.AT
> 50 Worm.Bagle.AU
> 22 Worm.SomeFool.X
> 20 Worm.Bagle.Z
> 19 Worm.SomeFool.AB
> 17 Worm.Zafi.B
> 8 Worm.Bagle.Gen-vbs
> 8 Worm.Bagle.AC
> 6 Worm.Mabutu.A-unp
> 5 Worm.Mydoom.T
> 4 Worm.BugBear.B
> 4 Worm.Bagle.Gen-zippwd
> 1 Worm.Mydoom.I
> 1 Worm.Klez.H
> 1 Worm.Bagle.AG
> 1 W95.Hybris.PI.003
> --------
> 2583
>
> Best wishes,
>
> Ian Lewis
>
I think it could be nice to have like a list of "known systems". That way a
newbie could read and choose the best for his needs.
We use Sendmail 8.13.0 (since 8.12.11) + Clamav-milter + Clamd.
No quarantine, no postmaster/sender/recipient notice, just reject messages.
Centralized freshclam on two servers at different times (minutes 23 and 53
respectively). OnUpdate it propagates vía sftp to the other 9 servers
(including the other one that runs freshclam, so it doesn't have to update
again). OnUpdate & OnError sends a message to postmaster.
Viruses stopped Yesterday: Thu Dec 2
77550 Worm.SomeFool.Gen-1
76936 Worm.SomeFool.P
26800 Worm.Mydoom.M
21249 Worm.Bagle.Gen-zippwd
16744 Worm.Sober.I
15929 Worm.Bagle.AT
13421 Worm.Bagle.AG.2
10705 Worm.Mydoom.I
10688 Worm.Bagle.AU
8772 Worm.SomeFool.Q
7810 Worm.SomeFool.Z
6090 Worm.Bagle.Z
5227 Worm.Bagle.N
4912 Worm.Bagle.Gen-vbs
3220 Worm.Bagle.AC
2259 Worm.SomeFool.AB
2085 Worm.Bagle.P
1910 Worm.Zafi.B
1637 HTML.Phishing.Bank-1
1488 Worm.Bagle.AG
1305 Worm.Bagle.Y
1219 Worm.Dumaru.A
1211 Worm.Mydoom.M.log
1181 Worm.Bagle.Gen-1
799 Worm.Mydoom.N
725 Trojan.Dropper.C
561 Worm.SomeFool.AA-2
549 Worm.BugBear.B
530 Worm.Dumaru.E
508 Worm.Bagz.C
456 Worm.SomeFool.Gen-2
433 Worm.Bagle.AG-empty
413 Worm.Bagle.AF
339 Worm.Mydoom.Gen-unp
321 Worm.SomeFool.X
301 Worm.Mimail.J
262 Worm.Klez.H
246 Worm.Bagle.Gen-rarpwd
211 Worm.Mimail.Q
210 Worm.Bagz.F
202 Worm.SomeFool.I
187 Worm.SomeFool.Y
187 Worm.Mydoom.F
173 Worm.Lovgate.X
171 Worm.Bagz.E
167 HTML.Phishing.Bank-15
165 Worm.Mimail.I
154 Suspected.Zip
141 HTML.Mydoom.email-gen-3
138 Worm.Mimail.G
132 Worm.SomeFool.R
122 Worm.Gibe.F
116 HTML.Phishing.Bank-31
113 Worm.Bagz.D
108 Worm.Bagle.AP
108 HTML.Phishing.Bank-43
103 HTML.Mydoom.email-gen-1
90 Worm.SCO.A
88 Worm.Mabutu.A-unp
69 Exploit.HTML.Bagle.Gen-3-eml
57 Worm.Mydoom.Gen-1
56 Worm.Somefool.Gen-3
46 FunLove.4099
45 HTML.Mydoom.email-gen-2
44 Worm.Nyxem.C
27 HTML.Phishing.Bank-52
24 Exploit.HTML.Bagle.Gen-7-eml
21 Exploit.HTML.Bagle.Gen-4-eml
20 Worm.Wurmark.A
19 Yaha.K
18 HTML.Phishing.Bank-3
18 Worm.Mydoom.T
17 Worm.SomeFool.P.2
16 HTML.Phishing.Bank-22
13 Worm.Nyxem.D
13 Worm.SomeFool.F
12 HTML.Phishing.Bank-37
10 HTML.Phishing.Bank-12
10 W95.Dupator.1503
9 Worm.Mydoom.H
8 Exploit.HTML.Bagle.Gen-8-eml
7 Worm.SomeFool.Z-msg-2
7 Worm.Dumaru.Y
7 Worm.SomeFool.N
6 HTML.Phishing.Auction-3
6 HTML.Phishing.Auction-2
6 Trojan.Dropper.JS.Mimail.B
5 Worm.P2P.Darby.Gen
4 HTML.Phishing.Bank-49
4 Worm.Bugbear.E-1
4 HTML.Phishing.Bank-45
4 Worm.SomeFool.M
4 HTML.Phishing.Auction-4
3 HTML.Phishing.Bank-28
3 Worm.Mabutu.A
3 Exploit.IFrame.Gen
3 Worm.Sobig.A
3 W97M.Pri.A
3 Oversized.Zip
2 Worm.Nyxem.B
2 CIH.2
2 Worm.MyDoom.H-2
1 Exploit.HTML.ObjectData
1 Joke.W32.Amigo
1 Joke.Xmas
1 W97M.Aquiles
1 Joke.CokeGift
1 Trojan.Dropper.JS.Zerolin-6
1 Worm.SomeFool.R.2
1 Trojan.Dropper.JS.Zerolin-7
1 Worm.P2P.Darby.O
1 W32.Magistr.B2
1 Exploit.HTML.Bagle.Gen-1-eml
1 Worm.Lovgate.R
1 Worm.SomeFool.K
1 Dialer.StarDialer-4
1 Worm.Yaha.G
1 Worm.Torvil.D
1 Worm.Sircam
1 W97M.Marker.C.2
1 Trojan.Downloader.Small-165
----------
330556
You can guess our monthly stats.
We have more than 4 million mails daily, 150 clamav-milter and 26 clamd
threads concurrently per server on peak hour.
Regards,
Samuel Benzaquen
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
