Virus on a domain

coolemail
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Virus on a domain

Post by coolemail

I have a lot of entries in the maillog like below. It appears that they are being generated on our server - but nothing is being sent out from the server itself which is good.

Code:

Jun 19 21:22:44 plesk3 qmail-scanner[2453]: Clear:RC:1(127.0.0.1): 0 1100 root@plesk3.hostname.co.uk <> policy-violation_found_in_sent_message_"I_just_caught_husband_cheating_on_me,_wa plesk3.hostname.co.uk13716733647972453-root@plesk3.hostname.co.uk quarantine-event.txt:1000

Is there a way that we can try and find where this is being initiated and stop it?
prupert
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: Virus on a domain

Post by prupert

Where do you see whether the ORIGINAL message (the one you are posting is not the log line for the original message) originates from your server?

And you can always check the headers from the message that is now residing in the quarantine folder.
Lemonbit Internet Dedicated Server Management
coolemail
Forum Regular
Posts: 369
Joined: Tue Dec 16, 2008 8:01 am
Location: United Kingdom

Re: Virus on a domain

Post by coolemail

I lost my original reply presumably because the information I was trying to put on my reply was not liked by phpBB!
/var/spool/qscan/quarantine/viruses/new (420 items)
/var/spool/qscan/quarantine/policy/new (335 items)
appear to show that the emails were just coming from outside, but keep trying to re-deliver themselves. If I delete all those will that get rid of the multiple entries in the maillog that is causing them to want to re-send?
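
The header check suggested earlier in the thread, as an added example that is not part of the original posts: it reads each quarantined message and reports whether the newest client-naming Received header shows a remote IP, a loopback connection, or a local injection by a Unix uid. The function names, the sample messages and the assumption that headers follow the usual qmail shapes ("invoked by uid N", client IP in parentheses) are mine, not the posters'.

```python
import email
import re
from collections import Counter
from pathlib import Path

# Path taken from the thread; adjust if your qmail-scanner spool lives elsewhere.
QUARANTINE = Path("/var/spool/qscan/quarantine")
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
UID_RE = re.compile(r"invoked by uid (\d+)")

# Constructed sample messages (not taken from the thread).
SAMPLE_REMOTE = (
    b"Received: (qmail 2453 invoked from network); 19 Jun 2013 21:22:40 +0100\n"
    b"Received: from unknown (HELO mail.example.net) (203.0.113.7)\n"
    b"  by plesk3.hostname.co.uk with SMTP; 19 Jun 2013 21:22:40 +0100\n"
    b"Subject: constructed sample\n\nbody\n"
)
SAMPLE_LOCAL = (
    b"Received: (qmail 2460 invoked by uid 48); 19 Jun 2013 21:23:01 +0100\n"
    b"Subject: constructed sample\n\nbody\n"
)

def classify(raw: bytes) -> str:
    """Return 'remote:<ip>', 'loopback:<ip>', 'local:uid=<n>' or 'unknown'."""
    msg = email.message_from_bytes(raw)
    # Received headers are newest first. Stop at the first hop that names a
    # client: it was written by this server, while older hops can be forged.
    for hop in msg.get_all("Received", []):
        hop = " ".join(str(hop).split())  # unfold continuation lines
        ip = IP_RE.search(hop)
        if ip:
            kind = "loopback" if ip.group(1).startswith("127.") else "remote"
            return f"{kind}:{ip.group(1)}"
        uid = UID_RE.search(hop)
        if uid:
            return f"local:uid={uid.group(1)}"
    return "unknown"

def summarize(folder: Path) -> Counter:
    """Count quarantined messages in one folder by where they entered."""
    return Counter(classify(p.read_bytes()) for p in folder.iterdir() if p.is_file())

if __name__ == "__main__":
    print(classify(SAMPLE_REMOTE), classify(SAMPLE_LOCAL))
    for sub in ("viruses/new", "policy/new"):
        folder = QUARANTINE / sub
        if folder.is_dir():
            for origin, count in summarize(folder).most_common():
                print(f"{sub}\t{count}\t{origin}")
```

A `local:uid=<n>` result points at a process on the server itself (map the uid with `getent passwd <n>`), while `remote:<ip>` entries mean the mail arrived from outside.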