Topic: Possible virus Help please

[Der_Rabe]

I am running the last version e-smith (6.0.1 i think)produced before contribs bought the rights.  I have been having a problem over the last few days where I am getting thousands of returned email to my admin account and they appear to be coming from anonymous@mysite.com.  This account does not exist and I am running clam virus protection but I dont know what to do for this.  I have thourghly check the other computers connected to the SME server for all viruses and they all come up clean.  So I am thinking that the server might be infected.  But how else can you run a virus scan other then clam on the box it self any help greatly appreciated

[guest22]

I think Clam is doing it's job just fine.

[Der_Rabe]

So what could be cuasing my problem becuase it apears that my server is sending out the original emails and all the emails I get are telling me to unknown email address

[Jon_Reynolds]

Have you looked at the message headers from the email you are receiving? This will tell you were for sure it is coming from. If you have a windows machine on your network then I would look to that for viruses, AFAIK, there are no viruses for Linux except for a proof of concept virus I read about a few years ago.

If you are not able to understand the headers then paste it in here and someone will be able to help you.

Hope that helps,

Jon

[CharlieBrady]

I am running the last version e-smith (6.0.1 i think)produced before contribs bought the rights.

contribs did not buy the rights to anything. They were "given custody of" all of the forum posts from the e-smith boards, but they hold those in trust for the community - they aren't "owned" by contribs (and certainly weren't bought). The ownership rights to the software still lies with the various original authors.

I have been having a problem over the last few days where I am getting thousands of returned email to my admin account and they appear to be coming from anonymous@mysite.com.

There's every chance those returned emails have nothing to do with your server - they just happen to be the result of forged spam which happened to use your server's domain name in the from address. But you'd need to examine the full headers of those messages to determine where they have come from and why. I'm sure if you search you'll find good advice on the web as to how to interpret bounced email messages.