Koozali.org: home of the SME Server

Suspected Virus from postmaster????

Olsen

Suspected Virus from postmaster????
« on: May 03, 2005, 06:24:07 PM »
Does anyone know how email could come from the postmaster account on the SME server?  I have gotten several different mail rejections (because I am the admin and all the mail rejects come to me) saying that there was a virus in an attachment.  The strange thing is, in the content of the email, there is a hyperlink to our website, the email directs a person to click on the link to access their account information.  I have never sent any emails out from the postmaster account, and I have never seen specific email spoofing where they were able to use the actual domain and link in the email.  Does anyone know where I would start to try to track where the problem is?  Thanks.

cc_skavenger

Suspected Virus from postmaster????
« Reply #1 on: May 04, 2005, 05:17:47 AM »
viruses spoof addresses nowadays.....

Olsen

Suspected Virus from postmaster????
« Reply #2 on: May 04, 2005, 05:43:31 PM »
I realize that people may be spoofing our address (as this is a common occurance), however, I looked at the domain where they were being sent to, in one example it was a University.  I then looked at our mail log to see if that domain was listed as a recipient...sure enough it was.  I want to make sure I can rule out a virus coming from our email system.  I have ClamAV installed and I am pretty sure it is checking incoming and outgoing mail...and would strip any outgoing emails with viruses, but I am not certain.  The virus being sent is worm.sober

Any suggestions.....anyone?

cc_skavenger

Suspected Virus from postmaster????
« Reply #3 on: May 04, 2005, 08:35:16 PM »
what version of clam?  Make sure it is 0.84, that is the newest.

Olsen

Suspected Virus from postmaster????
« Reply #4 on: May 04, 2005, 08:42:04 PM »
I am running 0.82.  Do you think this can be causing the issue?  I am going to install Swerts-Knusen's updated antivirus install package and hopefully this eliminates my problem.

Offline jackl

  • ****
  • 136
  • +0/-0
Suspected Virus from postmaster????
« Reply #5 on: May 05, 2005, 01:56:51 AM »
Olsen
For a guy who can't stay away you can't have being reading many posts if you are still using .82 clamav.
Anti-Virus software is forever not just for Christmas it needs looking after.

Regards
Jack
......

Olsen

Suspected Virus from postmaster????
« Reply #6 on: May 05, 2005, 05:29:05 PM »
jackl,

Well put, Antivirus is forever.....

I read posts when things go wrong....If it aint broke dont try to fix it....