Virus on a domain

Posted: Wed Jun 19, 2013 4:48 pm
by coolemail
I have a lot of entries in the maillog like below. It appears that they are being generated on our server - but nothing is being sent out from the server itself which is good.

Jun 19 21:22:44 plesk3 qmail-scanner[2453]: Clear:RC:1(127.0.0.1): 0 1100 root@plesk3.hostname.co.uk <> policy-violation_found_in_sent_message_"I_just_caught_husband_cheating_on_me,_wa plesk3.hostname.co.uk13716733647972453-root@plesk3.hostname.co.uk quarantine-event.txt:1000 
Is there a way that we can try and find where this is being initiated and stop it?

Re: Virus on a domain

Posted: Thu Jun 20, 2013 6:44 am
by prupert
Where do you see whether the ORIGINAL message (the one you are posting is not the log line for the original message) originates from your server?

And you can always check the headers from the message that is now residing in the quarantine folder.
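
One way to run the header check suggested above across a whole quarantine folder, as an added example that is not part of any post in this thread. It assumes stock qmail `Received:` line formats; the function names and sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_bytes
from pathlib import Path

# Assumed stock qmail Received formats (not taken from the thread):
#   Received: (qmail 123 invoked by uid 48); ...            local injection
#   Received: from x (HELO y) (203.0.113.5) by host with SMTP; ...
UID_RE = re.compile(r"\(qmail \d+ invoked by uid (\d+)\)")
SMTP_RE = re.compile(r"^from\s.*\((\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s", re.S)

def classify(raw: bytes):
    """Return (kind, detail) from the newest Received line that names a source."""
    msg = message_from_bytes(raw)
    # Headers are listed newest first; only the top ones were written by our
    # own server, so stop at the first that identifies where the mail came from.
    for hdr in msg.get_all("Received", []):
        hdr = " ".join(str(hdr).split())   # unfold continuation lines
        m = UID_RE.search(hdr)
        if m:
            return ("local", "uid " + m.group(1))
        m = SMTP_RE.match(hdr)
        if m:
            ip = m.group(1)
            return ("local" if ip.startswith("127.") else "remote", ip)
    return ("unknown", "")

def tally(quarantine_dir):
    """Count sources across every file in a quarantine Maildir 'new' folder."""
    counts = Counter()
    for path in Path(quarantine_dir).iterdir():
        if path.is_file():
            counts[classify(path.read_bytes())] += 1
    return counts

# Constructed sample messages (not from the thread).
SAMPLE_REMOTE = (b"Received: (qmail 2453 invoked from network); 19 Jun 2013 21:22:44 +0100\r\n"
  b"Received: from unknown (HELO mail.example.net) (203.0.113.5)\r\n"
  b"  by plesk3.hostname.co.uk with SMTP; 19 Jun 2013 21:22:44 +0100\r\n"
  b"Received: (qmail 999 invoked by uid 48); 19 Jun 2013 21:00:00 +0100\r\n"  # forged by sender
  b"Subject: test\r\n\r\nbody\r\n")
SAMPLE_LOCAL = (b"Received: (qmail 2460 invoked by uid 48); 19 Jun 2013 21:23:01 +0100\r\n"
  b"Subject: test\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for kind_detail, n in tally("/var/spool/qscan/quarantine/policy/new").most_common():
        print(n, *kind_detail)
```

A large "local uid N" count points at an account or script on the server itself, while "remote" counts point at outside senders.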

Re: Virus on a domain

Posted: Thu Jun 20, 2013 1:06 pm
by coolemail
I lost my original reply presumably because the information I was trying to put on my reply was not liked by phpBB!
/var/spool/qscan/quarantine/viruses/new (420 items)
/var/spool/qscan/quarantine/policy/new (335 items)
appear to show that the emails were just coming from outside, but keep trying to re-deliver themselves. If I delete all those will that get rid of the multiple entries in the maillog that is causing them to want to re-send?