I had a much more drastic increase since Saturday - but it turned out to be a "secondary" problem where a virus was sent to "[EMAIL PROTECTED]" - triggering Imail's list server to respond with "invalid command" - that email was sent to the apparent sender - which unfortunately was some other provider's unattended mailbox - which then responded with "thanks - we'll get back to you" - which got back to [EMAIL PROTECTED] and we had the two servers play a beautiful game of ping-pong.
I had 3 of those occasions so far since Saturday - each day creating HUGE log files! You might want to run the Imail log analyzer to see if certain Ips are suddenly sending thousands of emails per day - and then check the log if it's just an Imail List Server loop. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Wednesday, August 27, 2003 09:21 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] Sobig, the next wave? Regards a major increase in Sobig, this is what happened here. John Log File Summary --------------------------------------------- Log Name Virus Count Total Scanned vir0801.log 2 2 vir0802.log 5 5 vir0803.log 1 1 vir0804.log 5 5 vir0805.log 1 1 vir0806.log 2 2 vir0807.log 1 1 vir0808.log 9 9 vir0809.log 4 4 vir0810.log 2 2 vir0811.log 6 6 vir0812.log 14 14 vir0813.log 3 3 vir0814.log 2 2 vir0815.log 1 1 vir0816.log 5 5 vir0817.log 5 5 vir0818.log 7 7 vir0819.log 437 437 vir0820.log 2,939 2,939 vir0821.log 3,937 3,937 vir0822.log 2,755 2,755 vir0823.log 275 275 vir0824.log 91 91 vir0825.log 8,525 8,525 vir0826.log 17,099 17,099 -------------------------------------------------------------- Virus Summary by Count --------------------------------------- Count Inbound/Outbound Name 34,338 34,338 / 0 W32/[EMAIL PROTECTED] 1,692 1,692 / 0 W32/Sobig.F 28 28 / 0 W32/[EMAIL PROTECTED] (corrupted) 25 25 / 0 W32/[EMAIL PROTECTED] 20 20 / 0 W32/[EMAIL PROTECTED] 17 17 / 0 W32/[EMAIL PROTECTED] 6 6 / 0 W32/[EMAIL PROTECTED] 3 3 / 0 W32/[EMAIL PROTECTED] 2 2 / 0 W32/[EMAIL PROTECTED] 2 2 / 0 W32/Hybris.worm.B -------------------------------------------------------------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, August 26, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Sobig, the next wave? I have seen a major resurgence in messages caught in the last 24 hours, and have received a notice pointing to this short article: http://www.wininformant.com/articles/index.cfm?articleid=39943 John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.