This is getting ridiculous
i have more than 36% infected ratio
all sobig.f
is there anything i can do about that?
is there a utility that will go thru the log and count the numbers of
viruses per remote (or local) ip address? so i can block the most guilty
addresses on my gateway ?
Scan Summary
is there a utility that will go thru the log and count the numbers of
viruses per remote (or local) ip address? so i can block the most guilty
addresses on my gateway ?
You might want to go to the spool directory at a command prompt, and type:
find "Received:" D*.SMD > file1.txt
sort
That would be the spool\virus directory, correct?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.Virus-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, August 29, 2003
thanks scott
i was able to select a dozen of addresses and this is making a big difference
!SoBig senders
deny tcp host 200.93.136.5 any eq smtp
deny tcp host 81.192.2.130 any eq smtp
deny tcp host 80.11.225.195 any eq smtp
deny tcp host 80.11.225.123 any eq smtp
deny tcp host 80.14.187.188 any
Where are you denying those IP addresses, at your router I assume?
I don't have control over that...is there anyplace else to enter an IP
address to be denied?
Imail?
Declude?
Dan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of serge
Sent: Friday,
In the Imail SMTP config screen.
However, IF you do that and you have a SECONDARY SMTP server, you need to
block there as well. Otherwise, they simply go to the backup SMTP and the
mail still ends up in your system.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201
I've been sticking the IPs into IMAIL's control access list as fast as
they have been coming in. Declude reports them and I'm popping them in
there and I'm not sure I'm ever going to remove them.
Under local host SMTP second tab SMTP security Control access
button
You must stop and restart
I had to argue with an IMAIL admin with Declude for two days and had to
e-mail him the damn otherpostmaster and sender eml files before he would
change them.
I hope my change took effect... : )
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
You might want to go to the spool directory at a command prompt, and type:
find "Received:" D*.SMD > file1.txt
sort < file1.txt > file2.txt
That would be the spool\virus directory, correct?
Good catch, you are correct. It should be the spool\virus directory.
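
The counting step asked for at the top of the thread, as an added example that is not part of the original messages: it tallies held messages per connecting IP address so the heaviest senders can be picked out for blocking. It assumes each D*.SMD file in the spool\virus directory begins with the message headers and that the connecting address is the first IPv4 address in the topmost Received: header (the one the local server wrote; lower ones can be forged). The function names and the sample message are constructed for illustration.

```python
import re
import sys
from collections import Counter
from pathlib import Path

IPV4 = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def top_received_ip(raw: bytes):
    """Return the first IPv4 address in the topmost Received: header, or None."""
    header = None
    for line in raw.splitlines():
        if header is None:
            if line.lower().startswith(b"received:"):
                header = line
            elif not line.strip():
                break                      # end of headers, no Received: found
        elif line[:1] in (b" ", b"\t"):
            header += line                 # folded continuation line
        else:
            break                          # next header begins
    if header is None:
        return None
    for m in IPV4.finditer(header):
        if all(int(o) <= 255 for o in m.group(1).split(b".")):
            return m.group(1).decode()
    return None

def count_senders(directory, pattern="D*.SMD"):
    """Count held messages per connecting IP (assumed spool file layout)."""
    counts = Counter()
    for path in Path(directory).glob(pattern):
        ip = top_received_ip(path.read_bytes()[:8192])
        if ip:
            counts[ip] += 1
    return counts

# Constructed sample message (documentation addresses, not from the thread).
SAMPLE = (b"Received: from pc.example [203.0.113.7] by mail.example\r\n"
          b"\t(SMTPD) id A1; Fri, 29 Aug 2003 10:00:00 -0400\r\n"
          b"Received: from forged [192.0.2.99] by relay.example\r\n"
          b"Subject: Re: Details\r\n\r\nbody\r\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:                  # usage: script.py <spool\virus path>
        for ip, n in count_senders(sys.argv[1]).most_common(20):
            print(f"{n:6d}  {ip}")
    else:
        print(top_received_ip(SAMPLE))
```
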
John Tolmachoff,
Personally, I have 2 months experience with my new ISP company and
Declude.
Not everyone is as smart as you.
Maybe you should leave the List and start your own discussion group.
The only stupid question is the one that is not asked. Often, there is
more than one way to do
The sobig virus forges the sender, as you should know. The Declude
software allows you to indicate this in the bounce message to yourself
by putting the line FORGINGVIRUS Sobig in the virus.cfg file. It also
allows you not send this notification by putting the line
SKIPIFVIRUSNAMEHAS Sobig in
Personally, I have 2 months experience with my new ISP company and
Declude.
Not everyone is as smart as you.
Maybe you should leave the List and start your own discussion group.
Excuse you, but unless you have been hiding under a rock, the fact that Sobig
forges the sender has been discussed