One week of running Clam Anti-Virus and amavisd-new has resulted the following viruses quarantined:

Virus Quantity
Worm.SomeFool.Gen-1 85
Worm.SomeFool.P 62
Yaha.P 6
Worm.SomeFool.Gen-2 1
Total: 154

Interesting to note that, out of all the emails that have been quarantined, 119 (or 77.3%) of them are addressing one of the FOCUS mailing lists, with potential to reach out 300+ subscribers.

It is great to know the defense works.

Around 20% of Worm.SomeFool.Gen-1 is sent by this person on the Optus dialup network. By checking various logs, I found out that he/she also reads the FOCUS website and Tim's weblog. Tim has issued a wanted notice on his blog, and hopefully someone would own up.

Actually, I think I can guess who the person might be (from my collected logs + an educated guess). A "she". Good luck Tim for the hunt!


For anyone who came to this page looking for information on SomeFool.Gen-x virus, it is just another name for NetSky worm. There are lots of information available on the net. If you can't find it, maybe it is time to ask your friend Google. And don't be alarmed if postmaster of your friends' ISP bounced your email as it might contain virus - it is likely that someone who knows you might be infected, and the worm has harvested your email address off his/her hard drive! But it never hurts to do a scan on your own computer regularly...

Or just get a Mac :)