Server under Virus Attack - Please help it's URGENT !!!

Hi Guys,

I'm under a BIG problem as my Redhat 9.0 server is badly under a Virus Attack even after having a mailscanner (clamav) installed and having setting under the exim to remove the attachments like : .pif .exe .scr or something similar but still loads of virus mails are not detectable by the mailscanner.

Here is list of Virus from which my server is affected :

1. Worm.SomeFool.P (90% of the Virus mails are affected by this virus)
2. Worm.SomeFool.Z
3. Worm.SomeFool.Gen-1
4. Worm.SomeFool.Gen-2
5. Worm.Bagle.AG
6. Worm.Bagle.AG.2
7. Worm.Bagle.AC
8. Worm.Gibe.F

and many other also but these are the major ones affecting mails daily


Below are my few problems with it and I need your help :

1) Mailscanner is very much capable of removing the attachments but I want him to simply remove the mail from the queue when it detect it as a virus mail.

2) I want to stop the mailscanner not to send any return mail when it detect a virus. Actually what it does whenever it found a virus it immediately send areturn mail to the sender. Most of the time the sender address is fake but sometime it is set to any email of my clients and they got a return mail they were trying to send a virus mail which they actually not.

Please help me to get out of this big problem.

 

Yes I think you are right and it seems that after updating it is solved (looks so). Actually I was so tensed and did a search in a hurry and didn't find anything. But now I did it and looked around many threads and I think I got it.

Once again thanks for your kind advice

 

I tell you, All I did is just upgrade the Mailscanner as directed at the following thread :

http://forums.cpanel.net/showthread.php?t=21290

and after updating it I updated the Clamav to 0.75 (latest version).

The thing which actually did the trick is setting under the mailscanner.conf which were not available under the old verion which I had and I just set few option like : denying to send a return mail whenever gets the virus (most of the time it is fake address) and few other similar options.

It is not like that my server is not receiving virus mails now. It is still receiveing virus infected mails right now but it not delivering them and not even sending the return mail to the Email ID set in the reply-to field (which is actually fake)

I hope this helps