[Dshield] Virus emails

Bart E. Hawley Sr. bart at texan.net
Wed Jan 28 20:38:28 GMT 2004


>----- Original Message ----- 
>From: "Johannes B. Ullrich"
>To: "General DShield Discussion List" <list at dshield.org>
>Sent: Wednesday, January 28, 2004 6:56 AM
>Subject: Re: [Dshield] Virus emails
>
>Nguyen:
>
>  you should install a virus scanner on your mail server.
>There is no way to easily filtering viruses without inspecting
>the content of an e-mail. So you have to accept the e-mail,
>scan it, and then drop it or not pending the outcome of the
>scan.
>

Actually, depending on your level of access and expertise:
With a combination of MIMEDefang, Sendmail, ClamAV, and SpamAssassin; it is
possible to reject/bounce or discard virused emails during the smtp session.

I chose to reject the virused emails to end usage of bandwidth at the
earliest possible
time. While logging the IPs of the senders to the maillog to facilitate
easily adding the
worst of the offenders to my firewall for a period of time to ease the load
on the
servers even more so. Good Luck Nguyen.

Bart E. Hawley Sr.
Systems Administrator
BNet, Inc.
713-926-2209

>
>>On Wed, 2004-01-28 at 13:48, Nguyen Nhu Hao wrote:
>> Dear list,
>> My servers have recieved many virus emails, how should I do to stop ?
they
>> used real domain so I cannot deny their domains.
>> Thanks for your help
>> Nguyen Nhu Hao
>
>-- 
>CTO SANS Internet Storm Center               http://isc.sans.org
>phone: (617) 837 2807                          jullrich at sans.org
>
>contact details: http://johannes.homepc.org/contact.htm
>
> _______________________________________________




More information about the list mailing list