Re: OT: Armor-Plated Email Server

Dennis S. Wish, PE wrote:

Bill Polhemus wrote:

This will probably have absolutely no interest for most of you; I'm just looking for a place to crow.

And I hope this won't be seen as "hubris" by the powers-that-be. If I'm knocked off the 'net for a considerable period of time soon, we'll know why.

Good topic - worth discussing since it affects the way we do business by the time we waste when we use the Internet as a search tool or to obtain information needed for work.

Well, to update everyone, I don't get a lot of email with viral attachments--and those that I do get are typically caught by Norton AV. But now that I have this "freeware" (actually open-source software) solution running on my server, here are some messages I've gotten (not to my email account, but to the email of the "root" or administrative user on my Linux server):

(1)
Date: Mon, 7 Feb 2005 13:12:32 -0600
From: MAILER-DAEMON(--nospam--at)polhemus04.polhemus.cc
To: postmaster(--nospam--at)polhemus04.polhemus.cc
Cc: bill(--nospam--at)polhemus.cc
Subject: Virus intercepted

A message sent from <41D38FAD.1030204(--nospam--at)polhemus.cc> to
       <bill(--nospam--at)polhemus.cc>
contained Trojan.Downloader.Small-165 and has not been delivered.

(2)
Date: Tue, 8 Feb 2005 08:17:08 -0600
From: MAILER-DAEMON(--nospam--at)polhemus04.polhemus.cc
To: postmaster(--nospam--at)polhemus04.polhemus.cc
Cc: bill(--nospam--at)polhemus.cc
Subject: Virus intercepted

A message sent from <spatel(--nospam--at)sedg.net> to
       <bill(--nospam--at)polhemus.cc>
contained Worm.Bagle.Gen-1 and has not been delivered.

(3)
Date: Tue, 8 Feb 2005 08:17:14 -0600
From: MAILER-DAEMON(--nospam--at)polhemus04.polhemus.cc
To: postmaster(--nospam--at)polhemus04.polhemus.cc
Cc: bill(--nospam--at)polhemus.cc
Subject: Virus intercepted

A message sent from <spatel(--nospam--at)sedg.net> to
       <bill(--nospam--at)polhemus.cc>
contained Worm.Bagle.Gen-1 and has not been delivered.

(4)
Date: Tue, 8 Feb 2005 08:17:11 -0600
From: MAILER-DAEMON(--nospam--at)polhemus04.polhemus.cc
To: postmaster(--nospam--at)polhemus04.polhemus.cc
Cc: bill(--nospam--at)polhemus.cc
Subject: Virus intercepted

A message sent from <spatel(--nospam--at)sedg.net> to
       <bill(--nospam--at)polhemus.cc>
contained Worm.Bagle.Gen-1 and has not been delivered.

----------------------------

So that's four email messages with 3 "worms" and one "trojan" in the past two days! Seems like that's an escalation from what I typically see, which is one or two of these maybe in a week or ten-day period.

According to the ClamAV website, these are ALL variants of "the latest Bagle outbreak," so there does seem to be a "meteor shower" going on right now.

Has anyone else been catching a lot of these "hits" lately?

Anyway, to reiterate: None of these ever reached my email client. They were all STOPPED at the server, and destroyed. The server is Linux, and these are all Windows viruses so there was never any threat of contamination (and ClamAV also stops and destroys malware intended for Linux, BSD and Macintosh as well).

My object is to eventually discontinue using Norton Antivirus. It takes a lot of system resources and costs me about $200 a year to keep up to date. I am trying to go to freeware/open-source software services via my server on more and more of these kinds of utilities, and it seems to be paying off. I recently saved $100 a year just in DNS service by using my local caching and a public secondary DNS.



******* ****** ******* ******** ******* ******* ******* ***
*   Read list FAQ at: http://www.seaint.org/list_FAQ.asp
*
*   This email was sent to you via Structural Engineers
*   Association of Southern California (SEAOSC) server. To
*   subscribe (no fee) or UnSubscribe, please go to:
*
*   http://www.seaint.org/sealist1.asp
*
*   Questions to seaint-ad(--nospam--at)seaint.org. Remember, any email you
*   send to the list is public domain and may be re-posted
*   without your permission. Make sure you visit our web
*   site at: http://www.seaint.org
******* ****** ****** ****** ******* ****** ****** ********
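One way to tally "Virus intercepted" notices like the four quoted in the message above, so that a rise in detections can be measured rather than estimated. This is an added example, not part of the original post and not ClamAV's own tooling; the function names, the placeholder addresses and the 60-second burst window are assumptions.

```python
import re
from collections import Counter
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Constructed sample in the notification layout quoted above (placeholder addresses).
TEMPLATE = ("Date: {d}\nSubject: Virus intercepted\n\nA message sent from <{s}> to\n"
            "       <user@example.net>\ncontained {v} and has not been delivered.\n\n")
ROWS = [
    ("Mon, 7 Feb 2005 13:12:32 -0600", "a@example.org", "Trojan.Downloader.Small-165"),
    ("Tue, 8 Feb 2005 08:17:08 -0600", "b@example.org", "Worm.Bagle.Gen-1"),
    ("Tue, 8 Feb 2005 08:17:14 -0600", "b@example.org", "Worm.Bagle.Gen-1"),
    ("Tue, 8 Feb 2005 08:17:11 -0600", "b@example.org", "Worm.Bagle.Gen-1"),
]
SAMPLE = "".join(TEMPLATE.format(d=d, s=s, v=v) for d, s, v in ROWS)

DATE = re.compile(r"^Date:\s*(.+)$", re.M)
BODY = re.compile(r"A message sent from\s+<([^>]*)>\s+to\s+<([^>]*)>\s+"
                  r"contained\s+(\S+)\s+and has not been delivered")

def parse_notices(text):
    """Return sorted (when, sender, recipient, signature) tuples, one per notice."""
    found = []
    for block in re.split(r"(?m)^(?=Date:)", text):  # one block per notice
        d, b = DATE.search(block), BODY.search(block)
        if d and b:  # skip blocks that are not complete notices
            found.append((parsedate_to_datetime(d.group(1)), *b.groups()))
    return sorted(found)

def per_day(notices):
    """Count raw notices per (calendar day, signature)."""
    return Counter((when.date().isoformat(), sig) for when, _, _, sig in notices)

def collapse_bursts(notices, window=timedelta(seconds=60)):
    """Merge notices with the same sender and signature that arrive within
    `window` of the previous one, so one burst counts as one event."""
    events, last = [], {}  # last: (sender, sig) -> (last_seen, index into events)
    for when, sender, _rcpt, sig in notices:
        key = (sender, sig)
        if key in last and when - last[key][0] <= window:
            idx = last[key][1]
            events[idx][3] += 1
        else:
            idx = len(events)
            events.append([when, sender, sig, 1])
        last[key] = (when, idx)
    return events

if __name__ == "__main__":
    notices = parse_notices(SAMPLE)
    print(per_day(notices))
    print(collapse_bursts(notices))
```

Counting collapsed events instead of raw notices keeps a single sender's burst of copies from looking like a week's worth of separate detections.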