Articles tagged in virus

  1. Quarantined

    One week of running Clam Anti-Virus and amavisd-new has resulted in the following viruses being quarantined:

    Virus                 Quantity
    Worm.SomeFool.Gen-1         85
    Worm.SomeFool.P             62
    Yaha.P                       6
    Worm.SomeFool.Gen-2          1
    Total:                     154

    Interesting to note that, out of all the emails that have been quarantined, 119 (or 77.3%) of them were addressed to one of the FOCUS mailing lists, with the potential to reach 300+ subscribers.

    It is great to know the defense works.

    Around 20% of the Worm.SomeFool.Gen-1 emails were sent by this person on the Optus dialup network. By checking various logs, I found out that he/she also reads the FOCUS website and Tim's weblog. Tim has issued a wanted notice on his blog, and hopefully someone will own up.

    Actually, I think I can guess who the person might be (from my collected logs + an educated guess). A "she". Good luck Tim for the hunt!

    NOTICE

    For anyone who came to this page looking for information on the SomeFool.Gen-x virus, it is just another name for the NetSky worm. There is lots of information available on the net. If you can't find it, maybe it is time to ask your friend Google. And don't be alarmed if the postmaster at your friends' ISP bounces your email because it might contain a virus - it is likely that someone who knows you is infected, and the worm has harvested your email address off his/her hard drive! But it never hurts to do a scan on your own computer regularly...

    Or just get a Mac :)

  2. Running Postfix + AMaViS + Clam AntiVirus

    I have just got Postfix on my Mandrake Linux box to talk to Clam AntiVirus via amavisd-new, which also does spam filtering. It uses Postfix's content filtering interface to pipe the incoming emails through another SMTP server to quarantine potential viruses. Because AMaViS also integrates with SpamAssassin, I have thus dropped my procmail script that does spam checking at local drop.
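    The wiring described above, as an added illustration that is not the author's own configuration: Postfix hands every message to amavisd-new over SMTP, and amavisd-new re-injects clean mail on a second, loopback-only Postfix listener. The port numbers (10024 and 10025), the quarantine directory and the amavisd-new option names are the common defaults and are assumed here, not taken from the post.

```conf
# --- /etc/postfix/main.cf (assumed path) ---
# Hand every accepted message to amavisd-new on port 10024 (assumed default).
content_filter = smtp-amavis:[127.0.0.1]:10024

# --- /etc/postfix/master.cf (assumed path) ---
# Outbound side: the transport Postfix uses to reach the scanner.
smtp-amavis unix -       -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# Re-injection side: amavisd-new returns clean mail here.
# Bound to loopback only, and content_filter is cleared so a message
# is never sent back to the scanner (which would loop forever).
127.0.0.1:10025 inet n   -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

# --- /etc/amavisd.conf (assumed path; amavisd-new 2.x option names) ---
$inet_socket_port = 10024;                      # listen for Postfix
$forward_method   = 'smtp:[127.0.0.1]:10025';   # re-inject clean mail
$QUARANTINEDIR    = '/var/virusmails';          # assumed directory
$final_virus_destiny = D_DISCARD;               # drop, do not bounce: sender is forged
$virus_quarantine_to = 'virus-quarantine';      # keep a copy for the tallies above
```

    Discarding rather than bouncing matters for worms like NetSky that forge the envelope sender, since a bounce would only notify an innocent third party.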

    The installation is quite straightforward, except maybe the Perl modules, as I have a broken CPAN configuration. Everything seems to be working fine so far. Last night it successfully quarantined 20+ incoming Worm.SomeFool.Gen-1, one Win32.Yaha.P and a few different spams. Still trying to work out who that MTS guy on the Optus network that has caught the virus is...

    The only complaint I have is probably the amount of resources it requires to run Clam AV + AMaViS. Once the daemons have bootstrapped, clamd uses around 12Mb RSS and 3 instances of amavisd are running at 20Mb each! Scanning each incoming email takes at least 3 seconds on my aging dual 400MHz Celeron. I wonder how a large deployment would cope.

  3. Virus Attack!

    W32/Beagle.A, an email virus, has been hitting our email server recently, judging from the amount of emails titled "Hi" coming into Postfix. We have emails from a friend in Singapore, but originating from the BigPond network. Emails from Korea and Hong Kong, etc - suddenly all our friends decided to come in and say "Hi" with an executable in the attachment. Not the kind of happy Chinese New Year message we want...