
Virus mails filling my mail queue (MyDoom-O and Win32.Sober.y)

Discussion in 'E-mail Discussions' started by neo4242002, Feb 23, 2006.

  1. neo4242002

    I am receiving a huge number of infected emails from one of my clients. All these mails are now stuck in my mail queue. When I try to send them by force, I get the following message in WHM:

    HTML:
    Message 1FA9a6-0002qY-Fe is no longer frozen
    delivering 1FA9a6-0002qY-Fe
    Connecting to ********* [*********]:25 ... connected
      SMTP<< 220 ********* ESMTP Exim Thu, 23 Feb 2006 07:04:57 +0000
      SMTP>> EHLO *********
      SMTP<< 250-ptb-********* Hello ********* [*********]
             250-SIZE 104857600
             250-PIPELINING
             250 HELP
      SMTP>> MAIL FROM:<> SIZE=4228
      SMTP>> RCPT TO:<*********>
      SMTP>> DATA
      SMTP<< 250 OK
      SMTP<< 250 Accepted
      SMTP<< 354 Enter message, ending with "." on a line by itself
      SMTP>> writing message and terminating "."
      SMTP<< 550 This message looks like MyDoom-O
      SMTP>> QUIT
    LOG: MAIN
      ** ********* <*********> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host ********* [*********]: 550 This message looks like MyDoom-O
    LOG: MAIN
      Frozen (delivery error message)

    HTML:
    Message 1F9gNz-00083e-M7 is no longer frozen
    delivering 1F9gNz-00083e-M7
    Connecting to ********* [*********]:25 ... connected
      SMTP<< 220 ********* ESMTP Exim Thu, 23 Feb 2006 07:05:06 +0000
      SMTP>> EHLO *********
      SMTP<< 250-ptb-********* Hello ********* [*********]
             250-SIZE 104857600
             250-PIPELINING
             250 HELP
      SMTP>> MAIL FROM:<> SIZE=8680
      SMTP>> RCPT TO:<*********>
      SMTP>> DATA
      SMTP<< 250 OK
      SMTP<< 250 Accepted
      SMTP<< 354 Enter message, ending with "." on a line by itself
      SMTP>> writing message and terminating "."
      SMTP<< 550 This message looks like Win32.Sober.y
      SMTP>> QUIT
    LOG: MAIN
      ** ********* <*********> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host ********* [*********]: 550 This message looks like Win32.Sober.y
    LOG: MAIN
      Frozen (delivery error message)
    
    ********* = removed for privacy

    Apparently there are only two viruses causing this problem (MyDoom-O and Win32.Sober.y).

    A) I do not know why ClamAV does not detect these viruses and destroy them automatically. In fact, how do I configure ClamAV to do so?

    B) How do I filter these infected messages and delete them from the mail queue manually?

    C) While searching on the net I found following article

    http://www.rvskin.com/index.php?page=public/antispam

    If I have not installed rvskin, can I still go ahead with ONLY number 3 without following the other steps?

    #3 Virus Protection

    1. Configure Exim to reject virus at SMTP time
    2. Configure Exim to reject virus + sender whitelist + receiver whitelist


    I hope someone can help me out on this deep trouble.
     
  2. neo4242002

    Apparently everyone even fears to talk about MyDoom-O and Win32.Sober.y :D I have seen no replies and no comments about these viruses in any corner of the cPanel forum.

    Anyone out there to help me?
     
  3. dave9000

    Here is my suggestion:

    Delete the mail queue.

    Remove the offending e-mail account or block their IP.

    Contact chirpy at configserver.com and have them install their MailScanner package on your server, then edit the config to delete virus e-mails.
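
For question B in the first post, an added example (not from the thread's participants or from cPanel): a shell function that reads forced-delivery output in the format posted above and lists the message IDs of bounces (null sender, `MAIL FROM:<>`) that the remote server refused with `550 This message looks like ...`. The function names, the `example.net` hosts and the third message ID are constructed for illustration.

```shell
#!/bin/sh
# Added example: list queued bounces that the remote host refused as virus mail.
# Input: output of forced delivery attempts, in the format shown in the post.

virus_bounce_ids() {
    awk '
        /^ *delivering /       { id = $2; bounce = 0; next }  # start of one attempt
        /SMTP>> MAIL FROM:<>/  { bounce = 1; next }           # null sender = bounce
        /SMTP<< 550 This message looks like / {               # remote scanner verdict
            if (id != "" && bounce) {
                sig = $0
                sub(/.*looks like /, "", sig)                 # keep only the virus name
                print id "\t" sig
            }
            id = ""                                           # report each ID once
        }
    '
}

# Constructed sample: the two attempts from the post (hosts replaced with
# example.net) plus one made-up non-virus failure that must not be listed.
sample_log() {
    cat <<'EOF'
delivering 1FA9a6-0002qY-Fe
  SMTP>> MAIL FROM:<> SIZE=4228
  SMTP<< 550 This message looks like MyDoom-O
LOG: MAIN
  ** user@example.net R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host mx.example.net [192.0.2.1]: 550 This message looks like MyDoom-O
delivering 1F9gNz-00083e-M7
  SMTP>> MAIL FROM:<> SIZE=8680
  SMTP<< 550 This message looks like Win32.Sober.y
delivering 1FAAAA-0000aa-AA
  SMTP>> MAIL FROM:<sender@example.net> SIZE=1200
  SMTP<< 550 Mailbox unavailable
EOF
}

# Prints one "message-id<TAB>virus-name" line per rejected bounce.
sample_log | virus_bounce_ids
```

Each listed ID can be inspected with `exim -Mvh <id>` and removed with `exim -Mrm <id>`, which leaves the rest of the queue in place.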
     