|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
24 Mar 2004, 04:21 PM | #1 |
Essential Contributor
Join Date: Feb 2004
Posts: 221
|
virus in incoming mails
Today (24.03.2004), virus infected email was let through by runbox)
(Gladly, Norton AV program detected it while downloading via POP3) Norton AntiVirus removed the attachment: your_text.pif. The W32.Netsky.D@mm threat was detected in the attachment. |
24 Mar 2004, 09:45 PM | #2 |
Intergalactic Postmaster
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606
Representative of:
Runbox.com |
From what I can tell the ClamAV virus database does not yet have a signature to recognize this worm.
You can search the ClamAV database at: https://clamav-du.securesites.net/cgi-bin/clamgrok Regards, Rich |
31 Mar 2004, 09:30 PM | #3 | |
Essential Contributor
Join Date: Feb 2004
Posts: 221
|
Quote:
I am tired of seeing this virus W32.Netsky.D@mm again and again in my inbox ( and Runbox / ClamAV have done nothing to stop it after so many days it originated ) |
|
31 Mar 2004, 10:52 PM | #4 |
The "e" in e-mail
Join Date: Jul 2001
Location: Los Angeles,CA
Posts: 4,652
Representative of:
Runbox.com |
I've mailed this to our sysops, as I am very surprised that such an extremely common virus wouldn't be caught by Clam...
Liz |
6 Apr 2004, 10:02 PM | #5 | |
Essential Contributor
Join Date: Feb 2004
Posts: 221
|
Quote:
|
|
7 Apr 2004, 12:38 AM | #6 |
Intergalactic Postmaster
Join Date: Jan 2002
Location: Chicago, IL
Posts: 5,606
Representative of:
Runbox.com |
Apparently ClamAV calls the Netsky worm the SomeFool worm and it is suppose to catch the SomeFool.D according to it's database. However, I found some messages indicating that others are having a similar problem with the Netsky/SomeFool.D getting through. The only suggestion I found was to make sure that ClamAV was current.
Regards, Rich |
8 Apr 2004, 12:48 AM | #7 | |
Essential Contributor
Join Date: Feb 2004
Posts: 221
|
Quote:
Does it mean that ClamAV will not fix this while all other AV programs have fixed it long back. I have got some bounced messages saying my PC sent Netsky virus ( its my own AV settings problem), but point was to outline what other mail-server think about this particular virus |
|
12 Apr 2004, 08:40 PM | #8 | |
Essential Contributor
Join Date: Feb 2004
Posts: 221
|
Quote:
There has been so many of it....in my Inbox. |
|
12 Apr 2004, 09:55 PM | #9 | |
Master of the @
Join Date: Feb 2004
Location: Melbourne, Australia
Posts: 1,711
Representative of:
Bluebottle.com |
Quote:
|
|
12 Apr 2004, 09:58 PM | #10 | |
Master of the @
Join Date: Feb 2004
Location: Melbourne, Australia
Posts: 1,711
Representative of:
Bluebottle.com |
Quote:
|
|
12 Apr 2004, 11:52 PM | #11 | |
Essential Contributor
Join Date: Feb 2004
Posts: 221
|
Quote:
|
|
13 Apr 2004, 07:55 AM | #12 | |
Master of the @
Join Date: Feb 2004
Location: Melbourne, Australia
Posts: 1,711
Representative of:
Bluebottle.com |
Quote:
Whilst I cannot answer as to whether this protection is sufficient in the Runbox environment, I would comment (as I have done so before) that server-side anti-virus protection, whilst having it's merits in providing 'front-line' protection against email-bourne viruses, should not be considered a substitute for user vigilence and client-side anti-virus software. |
|
14 Apr 2004, 03:50 AM | #13 | ||
Junior Member
Join Date: Jan 2004
Posts: 22
|
Quote:
We've been rejecting heaps of this particular virus. Could it be that the e-mails you're seeing have been downloaded to your Runbox account from an external POP3 source? These messages aren't filtered thru ClamAV at present. If you are uncertain, you can find out by following the «View source» link in the message display, and find the lower-most Received-header that speaks of a Runbox host, and see if it reads Received: [...] by foo.runbox.com with local. (The word local is the significant one, and would read esmtp or similar for messages received directly). If it indeed has been delivered via SMTP, see if the virus is actually present. Some brain dead mail servers actually remove the virus, before sending the «disinfected» message on to its destination. Needless to say, we cannot detect any malware in such messages, even though they will look menacing to you in the message listing. If you can't see a large block consisting mainly of upper-case characters, digits, and some other characters near the end of the virus mail, then that is what has happened. Quote:
Besides, as rob_au points out, working with ClamAV is very comfortable from a sysadm's point of view. Access to the source code of a piece of software is absolutely invaluable when trying to adapt it to complex systems such as Runbox, or to track down bugs. If a binary-only software package misbehaves, you often can't do anything about it at all - it a black box welded shut. Tore |
||
18 May 2004, 02:14 PM | #14 | |||
Junior Member
Join Date: May 2004
Posts: 7
|
I can't for the life of me understand why I just PAID for a subsciption for a service that cheaps out, and goes for free stuff...open source or not. We pay them...PAY THEM ...to get our mail for us, and give us an email account! And they use free stuff, that is insane! If I would have know that just 5 days ago then I would have passed on this service. Unbelieveable!?
Quote:
Quote:
Oh yea I fofgot...and they don't scan our POP mail?! We pay for this right...wasn't that one of the benifits of having the account, and PAYING you?! NOT TOMENTION THIS! Quote:
So my question is...what else are we paying for and not getting...They are using all "FREE" open source software...open your eyes people! Bumfumbled, -Adam Last edited by AdamStac : 18 May 2004 at 02:40 PM. |
|||
18 May 2004, 02:27 PM | #15 |
Moderator
Join Date: Feb 2002
Location: Kingaroy, AU
Posts: 3,179
|
Adam, I could well be wrong but we haven't actually determined that Runbox don't pay for their use of the anti-virus product, have we?
Jeff |