Some spam slipping through
jacksun (Newbie, Joined: 24 February 2005) Posted: 01 December 2005 at 11:07am
Has anyone else seen this:
*@fbi.gov:nondr or *@fbi.gov:nondr in blacklist email from and lots are getting blocked but some are still getting through?
I can see no obvious difference in the emails that are blocked and those that aren't.
Anyone have a good regex to stop these @fbi.gov or @cia.gov nasties?
Funny thing is they are also getting through the Anti-virus plugin even though they are infected.
Thanks,
Wayne
vrspock (Guest Group)
I would double check your antivirus plugin and ensure that its definitions are up to date. I installed the trial key for the plug-in on our system because our mail server's internal anti-virus was failing to stop these and we've been getting hammered by them. They are all Sober.X aka Sober.AA virus. Since Monday at 7PM, the anti-virus plug-in has stopped just over 6,000 of these emails that have been hitting us. Sober.AA is by far the most aggressive worm I've ever been aware of as far as its attempts to spread through email and its insistence on flooding fbi.gov and cia.gov with NDRs. On a side note, hotmail.com appears to be having major email issues. One of my clients asked me about a series of NDRs they received, all from hotmail. I did a test at dnsstuff.com and discovered that all of the hotmail.com MX servers are timing out very sporadically. Wonder if this is related to Sober.AA?
jacksun (Newbie, Joined: 24 February 2005)
It appears my AV plugin is not working. Licensed spamfilter, licensed AV plugin expiring in 2006. Running on Windows 2003 server enterprise and Exchange 2003 enterprise on same server.
I have reactivated the key, stopped and started the service, and nothing has resolved the issue.
One thing I am seeing is the NseIncr.def for local definitions is dated 12/7/2005 2:00:20 PM and the NvcIncr.def latest Virus definitions is dated 12/2/2005 9:36:52 am.
Here is the info from my spamfilter.ini file:
NvcBinDate=12/07/2005 9:38:44 AM
NvcIncrDate=12/07/2005 2:00:20 PM
NvcMacroDate=12/07/2005 9:41:02 AM
Nse_w32Date=9/5/2005 6:58:40 AM
I find it odd the latest Def date and time is 5 days into the future?
Any help would be appreciated.
Thanks,
Wayne
jacksun (Newbie, Joined: 24 February 2005)
OK...corrupted files in the A/V subdirectory. Copied files from working install to this one and all is now working again.
Kind of weird but oh well......
Cheers,
Wayne
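A definition-date sanity check for the symptom described in this thread, as an added example that is not part of the original posts or of the product: it parses the `...Date=` lines quoted from spamfilter.ini and flags values that lie in the future or are older than a threshold. The reference time (2 December 2005, noon), the 7-day threshold, the US month/day date format and the function names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: the four date keys quoted in the post above.
SAMPLE_INI = """\
NvcBinDate=12/07/2005 9:38:44 AM
NvcIncrDate=12/07/2005 2:00:20 PM
NvcMacroDate=12/07/2005 9:41:02 AM
Nse_w32Date=9/5/2005 6:58:40 AM
"""

# Assumption: month/day/year order with a 12-hour clock, as the values suggest.
DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_definition_dates(ini_text):
    """Return {key: datetime or None} for every 'SomethingDate=value' line."""
    dates = {}
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key.endswith("Date"):
            continue
        try:
            dates[key] = datetime.strptime(value.strip(), DATE_FORMAT)
        except ValueError:
            dates[key] = None  # an unparseable timestamp is itself a finding
    return dates


def audit_definition_dates(dates, now, max_age=timedelta(days=7)):
    """Flag timestamps that are unparseable, in the future, or older than max_age."""
    findings = {}
    for key, stamp in dates.items():
        if stamp is None:
            findings[key] = "unparseable"
        elif stamp > now:
            findings[key] = "future"
        elif now - stamp > max_age:
            findings[key] = "stale"
    return findings


if __name__ == "__main__":
    # Assumed reference time: five days before the newest quoted timestamp.
    reference = datetime(2005, 12, 2, 12, 0, 0)
    parsed = parse_definition_dates(SAMPLE_INI)
    for key, verdict in audit_definition_dates(parsed, reference).items():
        print(f"{key}: {verdict} ({parsed[key]})")
```

Run on a schedule against the live file with `datetime.now()` as the reference, any finding is a prompt to verify that the scanner is actually loading its definitions.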