[IMail Forum] Worm.SOBER.P

Scott Erwin Tue, 03 May 2005 06:25:57 -0700

My system was being swamped with emails containing this virus. I am running mxguard with clam and f-prot on the server. The latest clam update seems to have trapped the virus but what troubles me is how this is being done. Here's a snip for my log:

05:03 08:53 SMTPD(C3CB0132) [200.0.0.231] connect 200.0.0.54 port 2318
05:03 08:53 SMTPD(C3CB0132) [200.0.0.54] Helo fqhvetxh.uy
05:03 08:53 SMTPD(C3CB0132) [200.0.0.54] MAIL FROM: <[EMAIL PROTECTED]>
05:03 08:53 SMTPD(C3CB0132) [200.0.0.54] RCPT TO: <[EMAIL PROTECTED]>

this is followed by numerous RCPT TO's to our valid addresses.

200.0.0.231 is the lan address of the mail server. 200.0.0.54 is a client on the lan. There are two other client machines that appear to be doing all the sending. Trend does not detect any virus on those systems.

I have No Mail Relay selected and SMTP auth is required. What'g going on here?

Thanks
Scott

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

[IMail Forum] Worm.SOBER.P

Reply via email to