The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Daily VIRUSES "Your email account will be suspended"

Discussion in 'E-mail Discussions' started by SupermanInNY, May 29, 2005.

  1. SupermanInNY

    SupermanInNY Well-Known Member

    Joined:
    Jul 19, 2003
    Messages:
    255
    Likes Received:
    0
    Trophy Points:
    16
    Hi Y'all,

    I'm getting a massive attack on my server from viruses that pose as:

    webmaster@<name of a domain that is on my server>
    Admin@<name of a domain that is on my server>
    Support@<name of a domain that is on my server>
    Register@<name of a domain that is on my server>


    All are coming through with attachments and sent out to many of my users including my own domain.

    I've not had any viruses come at all in the past 6 months, but now.. all of a sudden this surge of fake email headers and viruses is alarming.

    Is there something that needs to be done for clamAV to recognize and kill this virus attack?

    -Alon.
     
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    All you can really do is ensure that you have both the latest version of ClamAV and the latest virus definitions.

    Assuming that ClamAV's virus definitions are correctly being updated hourly, perhaps you could check what version of ClamAV you are running? The latest stable release is 0.85.1 AFAIK.
     
  3. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
  4. SupermanInNY

    SupermanInNY Well-Known Member

    Joined:
    Jul 19, 2003
    Messages:
    255
    Likes Received:
    0
    Trophy Points:
    16

    It may have been not updated/installed... :eek:
    Just to be clear on the process, I do this throug the Addon Modules and just install and keep udated for the clamavconnector. right?

    I think since my upgrade from version 9.x to 10.x it somehow 'lost' that.
    Until two weeks ago I have not seen a virus for about a year.. so this is a new experience for me.

    -Alon
     
  5. SupermanInNY

    SupermanInNY Well-Known Member

    Joined:
    Jul 19, 2003
    Messages:
    255
    Likes Received:
    0
    Trophy Points:
    16
    WORM_MYTOB.FC
    or someother worm of Mytob variant.

    Does ClamAV know how find it?
    Is it in the virus database?

    I just ran:

    /usr/bin/freshclam
    ClamAV update process started at Tue May 31 01:27:48 2005
    main.cvd is up to date (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
    Downloading daily.cvd [*]
    daily.cvd updated (version: 899, sigs: 1783, f-level: 5, builder: ccordes)
    Database updated (34862 signatures) from database.clamav.net (IP: 62.26.160.3)

    Will this "save" me?

    -Alon.
     
Loading...

Share This Page