The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Getting hit with email virus attachments of 75K, how can I block this?

Discussion in 'E-mail Discussions' started by BianchiDude, Nov 22, 2005.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Getting hit with email virus attachments of 75K, how can I block this?
     
  2. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Other than having your default address set to fail, you can't do much. Between my many different POP accounts I've gotten around 100 of them today. I've even gotten a couple of bounce messages from ones I supposedly sent.

    Some idiot out there is having fun seeing how many people will launch his attachments. They contain W32.Sober.X@mm.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The most obvious solution is to install a server-side email virus scanner - I never get any viruses into my mailbox.
     
  4. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Chirpy, which Server-side eMail Virus scanner worked best for you?
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well, ClamAV works fine for me as a freely available scanner. Others like fprot and nod32. TBH, I find that the additional file type and file name filters in MailScanner block nearly everything anyway regardless of virus scanning.
     
  6. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    One thing about these emails that has me puzzled.

    I have several email addresses I use that are set as forwarders to one POP account and the default is set to fail, but somehow I'm getting these emails to all different variations. The most recent one is x_mail-list@premierwebsitesolutions.com but I can't even send email to that. I view the raw file and there are no other addresses in the headers. How can they send emails to something that should fail and get it to me? Chirpy??? ;)
     
  7. wipl

    wipl Active Member

    Joined:
    Oct 12, 2003
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    0
    Even I'm having the same problem, lotsa domains on which default account is set to fail are still receving mails on addresses like XFreeMail@domain.com while these kinda email doesn't exist at all. :confused:
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    There's a subtle difference in the way emails are routed by the SMTP protocol that you do have to be careful about. Exim does its account checking on the email address using the SMTP protocol exchange at the beginning of delivery using the results from the "RCPT TO: address@domain.com" command. That email address does not have to be the same as what appears in the email header for the To: (or other recipient) fields. I would suspect that that's where the confusion/problem is.
     
  9. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Thanks for the explanation.

    It's a good thing some people out there have nothing better to do with life or the rest of us might get bored. :rolleyes:
     
Loading...

Share This Page