I am spammed by sober.U virus warnings and warings that messages can not be send to for example [email protected] They seem to be send from my own account [email protected] What can I do about this? How to stop that clamAV mails to the person who send teh virus? DOes somebody has advise? I checked all my pc's and there are no virus on them etc.. I added 3 parts of log file many thanks Raymond RayIT -------------------------------------------------------------------------- Dec 1 07:16:42 localhost postfix/qmgr[23657]: 2FAF0372851: from=<[email protected]>, size=999, nrcpt=1 (queue active) Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************************************ Dec 1 07:16:42 localhost TrashScan[8676]: Suspicious code in mail attachment detected !!! Dec 1 07:16:42 localhost TrashScan[8676]: From: [email protected] Dec 1 07:16:42 localhost TrashScan[8676]: To: [email protected] Dec 1 07:16:42 localhost TrashScan[8676]: Subj: Your IP was logged Dec 1 07:16:42 localhost TrashScan[8676]: Date: Thu, 01 Dec 2005 06:09:55 GMT Dec 1 07:16:42 localhost TrashScan[8676]: Virus: Worm.Sober.U Dec 1 07:16:42 localhost TrashScan[8676]: Alert: Not sent Dec 1 07:16:42 localhost TrashScan[8676]: Notification: Messages sent to [email protected] and [email protected] Dec 1 07:16:42 localhost TrashScan[8676]: Check mail.virus !!! Dec 1 07:16:42 localhost TrashScan[8676]: ************************************************************************ ------------------------------------------------------------------------- MANY MESSAGES from=<[email protected]>, size=1002, nrcpt=1 (queue active) Dec 1 06:39:04 localhost postfix/qmgr[23657]: 8B09637293E: from=<[email protected]>, size=1002, nrcpt=1 (queue active) Dec 1 06:39:04 localhost postfix/qmgr[23657]: 877EF372911: from=<[email protected]>, size=1002, nrcpt=1 (queue active) ----------------------------------------------------------------------- MANY MESSAGES Dec 1 06:40:35 localhost postfix/qmgr[23657]: 8741D37282A: to=<[email protected]>, relay=none, delay=41828, status=deferred (delivery temporarily suspended: connect to relay7$ Dec 1 06:40:35 localhost postfix/qmgr[23657]: DDC1A372839: to=<[email protected]>, relay=none, delay=41822, status=deferred (delivery temporarily suspended: connect to relay7$ Dec 1 06:40:35 localhost postfix/qmgr[23657]: DC7F5372924: to=<[email protected]>, relay=none, delay=41750, status=deferred (delivery temporarily suspended: connect to relay7$ Dec 1 06:40:35 localhost postfix/qmgr[23657]: DFF2C37283F: to=<[email protected]>, relay=none, delay=41757, status=deferred (delivery temporarily suspended: connect to relay7$ Dec 1 06:40:35 localhost postfix/qmgr[23657]: 05ECC372860:
http://www.howtoforge.com/forums/showthread.php?t=911 The virus must not be on one of your computers. the email viruses chose the sender adresses randomly from the addressbooks of the infected computer.
thanks can I also do something against 1000 mails in the queue, except from postsupe -d ALL? 7C992372829 1000 Thu Dec 1 12:57:08 [email protected] (connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 48491372761 1000 Thu Dec 1 12:57:05 [email protected] (connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 4B85E372849 1000 Thu Dec 1 12:57:33 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 41EB737290D 1000 Thu Dec 1 12:57:59 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 63A2E37282D 1000 Thu Dec 1 12:57:08 [email protected] (connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 69DD9372846 1000 Thu Dec 1 12:57:27 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 64BA337285B 1000 Thu Dec 1 12:57:42 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 6C2B7372902 1000 Thu Dec 1 12:57:53 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 61F64372921 1000 Thu Dec 1 12:58:19 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] 66BCE372839 1000 Thu Dec 1 12:58:22 [email protected] (delivery temporarily suspended: connect to relay7.ucia.gov[198.81.129.186]: Connection timed out) [email protected] greetings Raymond
Its "postsuper -d ALL" I dont think there is another solution. Maybe you can write a script that deletes some mails selectively wit "postsuper -d [MAILID]".
Solved.. many thanks for advise ------------------------------------------------- mailq | tail +2 | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "[email protected]" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d - ----------------------------------------------------- This deleted the messages..going to [email protected] greetings Raymond RayIT
