Virus mails filling my mail queue (MyDoom-O and Win32.Sober.y)

Discussion in 'E-mail Discussion' started by neo4242002, Feb 23, 2006.

  1. neo4242002

    neo4242002 Well-Known Member

    I am receiving a huge number of infected emails from one of my clients. All these mails are now stuck in my mail queue. When I try to send them by force, I get the following message in WHM :confused: :confused: :confused: :confused:

    HTML:
    Message 1FA9a6-0002qY-Fe is no longer frozen
    delivering 1FA9a6-0002qY-Fe
    Connecting to ********* [*********]:25 ... connected
      SMTP<< 220 ********* ESMTP Exim Thu, 23 Feb 2006 07:04:57 +0000
      SMTP>> EHLO *********
      SMTP<< 250-ptb-********* Hello ********* [*********]
             250-SIZE 104857600
             250-PIPELINING
             250 HELP
      SMTP>> MAIL FROM:<> SIZE=4228
      SMTP>> RCPT TO:<*********>
      SMTP>> DATA
      SMTP<< 250 OK
      SMTP<< 250 Accepted
      SMTP<< 354 Enter message, ending with "." on a line by itself
      SMTP>> writing message and terminating "."
      SMTP<< 550 This message looks like MyDoom-O
      SMTP>> QUIT
    LOG: MAIN
      ** ********* <*********> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host ********* [*********]: 550 This message looks like MyDoom-O
    LOG: MAIN
      Frozen (delivery error message)

    HTML:
    Message 1F9gNz-00083e-M7 is no longer frozen
    delivering 1F9gNz-00083e-M7
    Connecting to ********* [*********]:25 ... connected
      SMTP<< 220 ********* ESMTP Exim Thu, 23 Feb 2006 07:05:06 +0000
      SMTP>> EHLO *********
      SMTP<< 250-ptb-********* Hello ********* [*********]
             250-SIZE 104857600
             250-PIPELINING
             250 HELP
      SMTP>> MAIL FROM:<> SIZE=8680
      SMTP>> RCPT TO:<*********>
      SMTP>> DATA
      SMTP<< 250 OK
      SMTP<< 250 Accepted
      SMTP<< 354 Enter message, ending with "." on a line by itself
      SMTP>> writing message and terminating "."
      SMTP<< 550 This message looks like Win32.Sober.y
      SMTP>> QUIT
    LOG: MAIN
      ** ********* <*********> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host ********* [*********]: 550 This message looks like Win32.Sober.y
    LOG: MAIN
      Frozen (delivery error message)
    
    ********* = removed for privacy

    Apparently there are only two viruses causing this problem (MyDoom-O and Win32.Sober.y).

    A) I do not know why clamav does not detect these viruses and destroy them automatically. In fact, how do I configure clamav to do so?

    B) How do I filter these infected messages and delete them from the mail queue manually?

    C) While searching on the net I found the following article:

    http://www.rvskin.com/index.php?page=public/antispam

    If I have not installed rvskin, can I still go ahead with ONLY number 3 without following the other steps?

    #3 Virus Protection

    1. Configure Exim to reject virus at SMTP time
    2. Configure Exim to reject virus + sender whitelist + receiver whitelist


    I hope someone can help me out of this deep trouble.
     
  2. neo4242002

    neo4242002 Well-Known Member

    Apparently everyone even fears to talk about MyDoom-O and Win32.Sober.y :D :confused: :confused: :confused: I have seen no replies and no comments about these viruses in any corner of the cPanel forum :confused:

    Anyone out there to help me?
     
  3. dave9000

    dave9000 Well-Known Member

    Here is my suggestion

    Delete the mail queue

    remove the offending e-mail account or block their IP

    contact chirpy at configserver.com and have them install their mailscanner package on your server then edit the config to delete virus e-mails
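
As an added example (not part of the thread, and not cPanel or Exim code): a shell function that reads forced-delivery output in the format shown in the first post and lists only the queue IDs the remote server refused with "550 This message looks like ...", so those messages can be removed without deleting the whole queue. The sample transcript, the ID 1FAbcd-0001Ab-Cd and the file name delivery.log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the queue IDs whose forced delivery
# the remote server refused with "550 This message looks like <name>".

# virus_rejects: stdin = forced-delivery output, stdout = "<queue-id> <name>"
virus_rejects() {
    awk '
        # "delivering <id>" opens the transcript of one queued message
        $1 == "delivering" { id = $2; next }
        # Verdict returned by the remote server after end of DATA
        $1 == "SMTP<<" && $2 == "550" && /This message looks like / {
            name = $0
            sub(/.*This message looks like /, "", name)
            sub(/[ \t\r]+$/, "", name)
            # Emit each ID once, and only if it is 16 characters long and made
            # of three dash-separated alphanumeric groups
            if (length(id) == 16 && id ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && !(id in seen)) {
                seen[id] = 1
                print id, name
            }
        }
    '
}

# Constructed sample: the two messages from the first post (abridged) plus one
# made-up message (1FAbcd-0001Ab-Cd) refused for a reason unrelated to malware.
sample_transcript() {
cat <<'EOF'
delivering 1FA9a6-0002qY-Fe
  SMTP>> MAIL FROM:<> SIZE=4228
  SMTP<< 354 Enter message, ending with "." on a line by itself
  SMTP<< 550 This message looks like MyDoom-O
  ** user@example.com R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: 550 This message looks like MyDoom-O
delivering 1F9gNz-00083e-M7
  SMTP>> MAIL FROM:<> SIZE=8680
  SMTP<< 550 This message looks like Win32.Sober.y
delivering 1FAbcd-0001Ab-Cd
  SMTP>> RCPT TO:<user@example.com>
  SMTP<< 550 No such user here
EOF
}

sample_transcript | virus_rejects
# To act on a real transcript saved as delivery.log (hypothetical file name),
# using GNU xargs so nothing runs when the list is empty:
#   virus_rejects < delivery.log | cut -d" " -f1 | xargs -r exim -Mrm
```

Both messages in the thread have a null sender (`MAIL FROM:<>`), meaning they are bounce messages generated for mail the server had already accepted; removing them clears the queue but does not stop new ones from being generated.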
     