Re: Mass Mailing worm problem, please help

From: David Postill (david_at_postill.org.uk)
Date: 08/28/04 

Date: Sat, 28 Aug 2004 04:35:14 GMT

In article <cgnq17$bog2@imsp212.netvigator.com>, on Sat, 28 Aug 2004 01:11:18 +0800, "chris"
<router88@sinaman.com> wrote:

Please don't top post.

| Thanks for your advise, David...But I would like to ask how can I identify
| which kind of virus the pc is infected if I found a mass mailing activities
| from a PC listed in the log file? As I know there are many kind of worm
| which lead to mass-mailing activities....

There are many virus and trojan detectors available.

Here are some links you can explore...

AntiVirus Tools

<http://lists.gpick.com/pages/AntiVirus_Tools.htm> AntiVirus Tools Links

<https://netfiles.uiuc.edu/ehowes/www/soft1.htm> AntiVirus Tools Links

Trojan Protection

<http://lists.gpick.com/pages/AntiTrojan_Tools.htm> AntiTrojan Tools Links

<https://netfiles.uiuc.edu/ehowes/www/soft5.htm> AntiTrojan Tools Links

|
| CHRIS
| "David Postill" <david@postill.org.uk> ???
| news:87hui0l7j7jsv668ui4nl42rtsgi6v25c9@4ax.com ???...
| > In article <cgn9eb$bou1@imsp212.netvigator.com>, on Fri, 27 Aug 2004
| 20:28:11 +0800, "chris"
| > <router88@sinaman.com> wrote:
| >
| > | Hi All,
| > |
| > | I got a very serious problem. My email server keep having the "relaying
| > | denied" message and I think some of my clients' pc got infected.
| However,
| > | the email didn't show which pc or from which IP address the email are
| sent
| > | from. Therefore, I would like to know how can I check it out or any
| software
| > | can help??? And also, how can I identify which virus my clients' pc are
| > | infected. As it made us can't send out any email with message below
| > |
| > | Mail server: WinRoute Pro 4.2.5 at ctw.com.hk
| > | Error description: message could not be delivered, server replied:
| > | 550 5.7.1 <teix@ter.hk>... Relaying denied
| > | Original message is attached.
| > |
| > | Anyone can help?? Please help me...Thanks alot.
| >
| > What's wrong with looking at the server logs?
| >
| > From <http://kerio.apposite.com.hk/product/winroute%20_pro/mail.htm>:
| >
| > "Logging: For diagnostic and regulatory reasons the Kerio WinRoute
| > administrator can trace all email processing using the Mail and Debug
| logs."

<davidp /> 

-- 
David Postill

Relevant Pages

  • Re: [fw-wiz] Blocking email through the web services
    ... >> scanning engine to scan incoming http traffic. ... > Virus scanning on HTTP helps, if viruses are all you worry about. ... unfortunately going through the output from the proxy logs consumes ... We use a proxy appliance, ...
    (Firewall-Wizards)
  • Re: Secured IIS Project - msg 2
    ... DSHIELD. ... logs to his addresses until further notice. ... Delivery co-sponsored by Trend Micro ... TREND MICRO REAL-TIME VIRUS ALERTS ...
    (NT-Bugtraq)
  • Re: if edb.log was deleted
    ... And a virus would likely ruin the log so Exchange would crash trying to read ... This posting is provided "AS IS" with no warranties, and confers no rights. ... And the exchange transaction logs will not have ...
    (microsoft.public.exchange.admin)
  • Re: computer sending emails
    ... You can take the time to download and install it, ... Usenet Groups are not the place to get help with HJ Logs, ... Lipman as he is the resident anti virus guy... ... Sorry about the rude reply from legos... ...
    (microsoft.public.windowsxp.security_admin)
  • SUMMARY: System logging in batches
    ... > This does work, however, the STDOUT part logs to the file in batches. ... > are not the intended recipient you are strictly prohibited from using, ... We use reasonable endeavours to virus scan all ...
    (SunManagers)