[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Klez E Plague
- Subject: Re: [cobalt-security] Klez E Plague
- From: Martin Moeller <martin@xxxxxxx>
- Date: 04 Sep 2002 10:26:23 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
There are several ways, ranging from the free to the downright
expensive.
<plug>
My solution (which is free as in GPL) is a 'homegrown' procmail filter
and supporting shell scripts aptly called procmail-antivirus.
You can find it at http://cobalt-aid2.lindist.dk, if you want to try it.
</plug>
Another very good solution is Trend Micro InterScan VirusWall
(commercial). This catches the virus by name, etc. so you know exactly
what was detained. http://www.antivirus.com.
Also, Amavis with one or more supporting programs should be able to do
this (www.amavis.org). Amavis itself is free. Some of the antivirus
software is supports is also 'free as in water' (I don't like beer ;))
and others cost money (McAfee for instance, as far as I know). I believe
F-Prot is currently free for Linux.
<plug>
My filter (mentionened at the top) matches on procmail recipes and
quarentines messages. A message is usually sent to the person who would
have received it and the sender of the message. This can be customized,
as can the contents of said message.
If anyone knows of a way to make procmail write an extra little file
with a custom string (like the name of the recipe) to disk when
quanrentining, I'd like to know ;). It would be a nice extra..
</plug>
/Martin.
ons, 2002-09-04 kl. 09:28 skrev Kameel:
> Heya all,
>
> One of my customers is having a problem with what appears to be the Klez E
> virus. Alot of different users are receiving bounce messages for mail they
> never sent, and "Klez E" looking emails in from people they don't know.
>
> I know this has been mentioned on the list before, but I couldn't find
> anything useful in the archives !
>
> Is there a way to stomp out Klez E at my (RaQ3) server ?
>
> Thanks,
> Kam.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
--
Martin Moeller
Liga LinDist ApS.
Faelledvej 16D
DK-2200 Copenhagen N
Tel: +45 35 36 95 05
Fax: +45 35 36 92 05
http://www.liga.dk
mailto: martin@xxxxxxx