Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Getting hit with email virus attachments of 75K, how can I block this?

Discussion in 'E-mail Discussion' started by BianchiDude, Nov 22, 2005.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    166
    Getting hit with email virus attachments of 75K, how can I block this?
     
  2. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    4
    Trophy Points:
    343
    Location:
    ON, Canada
    Other than having your default address set to fail, you can't do much. Between my many different POP accounts I've gotten around 100 of them today. I've even gotten a couple of bounce messages from ones I supposedly sent.

    Some idiot out there is having fun seeing how many people will launch his attachments. They contain W32.Sober.X@mm.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,470
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    The most obvious solution is to install a server-side email virus scanner - I never get any viruses into my mailbox.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,505
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Chirpy, which Server-side eMail Virus scanner worked best for you?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,470
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Well, ClamAV works fine for me as a freely available scanner. Others like fprot and nod32. TBH, I find that the additional file type and file name filters in MailScanner block nearly everything anyway regardless of virus scanning.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    4
    Trophy Points:
    343
    Location:
    ON, Canada
    One thing about these emails that has me puzzled.

    I have several email addresses I use that are set as forwarders to one POP account and the default is set to fail, but somehow I'm getting these emails to all different variations. The most recent one is x_mail-list@premierwebsitesolutions.com but I can't even send email to that. I view the raw file and there are no other addresses in the headers. How can they send emails to something that should fail and get it to me? Chirpy??? ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. wipl

    wipl Active Member

    Joined:
    Oct 12, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    156
    Even I'm having the same problem, lotsa domains on which default account is set to fail are still receving mails on addresses like XFreeMail@domain.com while these kinda email doesn't exist at all. :confused:
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,470
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    There's a subtle difference in the way emails are routed by the SMTP protocol that you do have to be careful about. Exim does its account checking on the email address using the SMTP protocol exchange at the beginning of delivery using the results from the "RCPT TO: address@domain.com" command. That email address does not have to be the same as what appears in the email header for the To: (or other recipient) fields. I would suspect that that's where the confusion/problem is.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    4
    Trophy Points:
    343
    Location:
    ON, Canada
    Thanks for the explanation.

    It's a good thing some people out there have nothing better to do with life or the rest of us might get bored. :rolleyes:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice