kneadingu
02-15-2003, 04:22 AM
Anyone know of an effective offensive to stop an email bomber? I'm getting bombed with viruses which in and of themselves pose no threat to my system. However, they do end up wasting a lot of my time, which translates into an effective DOS attack.
My antivirus measures kick in before the viruses can do any damage. However I can not identify the culprit because the file is deleted/quarantined by my antivirus measures upon detection.
Anyone know of a server measure (Perl, Apache, or RedHat) I can implement to access the email's header information?
akashik
02-15-2003, 08:31 AM
Just trace the IP address then block it at server level. Then inform their ISP of what they're doing and have their net connection terminated.
Greg Moore
HTTPbit
02-15-2003, 10:05 AM
Just trace the IP address then block it at server level. Then inform their ISP of what they're doing and have their net connection terminated.
Can you please tell me how to block IPs using iptables? I am also facing the problem with multiple fake/spam orders and want to block the visitor.
Thanks.
Luxore
02-15-2003, 02:58 PM
Viruses should be handled locally (as your current anti-virus software is doing) or if you really hate them then subscribe to a mail service that will prefilter for you.
It does not make sense to stop accepting mail from people who have sent you a virus. They aren't like spammers: they don't send them on purpose.
kneadingu
02-15-2003, 04:59 PM
Luxore:
Perhaps you misunderstood. This person was purposely bombing two of my email accounts. In fact the messages were enc (vius.enc) to launch upon addition to the inbox.
This attack had been going on for several days. First mild then moderate and when they saw they were having little or no effect it got insane.
I was inundated with 100(+) messages in one account and 2 dozen more in another account in less than 3 minutes.
Norton is not effective at this level and furthermore does not actually delete viruses when you handle them locally. It stores them in a protected directory and/or quarantine.
I did some research at McAfee and found a free standalone product that specifically addresses these 11 trojans. When I ran it I realized Norton's ineffectiveness.
In any event the answer to this question is to instruct your mail program to leave mail on the server and then read your mail on the server. Retrieve the header information and block the IP and any other uniquely identifying information in the email from the server.
It took me a minute to remember this but once I did I put an end to this nonsense.
My thanks to all who have responded.
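An added example, not part of any post in this thread: one way to pull the connecting IP out of mail left on the server and turn repeat senders into the iptables rules asked about earlier. It assumes the receiving server writes exactly one `Received` header at the top of each message; the function names, hostnames and sample messages are constructed for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(raw_message):
    """Return the IP our own server recorded for the connecting host, or None.

    Only the topmost Received header is used: it was written by the receiving
    server. Headers below it were supplied by the sender and can be forged.
    """
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = BRACKETED_IP.search(received[0])
    if not match:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:  # looks like an IP but is not one, e.g. 999.1.1.1
        return None

def count_relays(raw_messages):
    """Count messages per connecting IP, skipping messages with no usable header."""
    return Counter(ip for ip in map(relay_ip, raw_messages) if ip)

def block_rules(counts, threshold=3):
    """iptables commands dropping SMTP from IPs seen at least `threshold` times."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 25 -j DROP"
            for ip, n in sorted(counts.items()) if n >= threshold]

def make_sample(top_ip, forged_ip="192.0.2.99"):
    """Build a constructed message; IPs come from documentation ranges."""
    return (f"Received: from mail.example.net (unknown [{top_ip}])\n"
            "\tby mx.example.org with ESMTP; Sat, 15 Feb 2003 04:10:01 -0500\n"
            f"Received: from pc ([{forged_ip}]) by mail.example.net\n"
            "From: someone@example.net\nSubject: constructed sample\n\nbody\n")

SAMPLES = [make_sample("203.0.113.7")] * 4 + [make_sample("198.51.100.20")]

if __name__ == "__main__":
    for rule in block_rules(count_relays(SAMPLES)):
        print(rule)
```

The threshold keeps a single infected correspondent from being blocked outright; only an address that shows up repeatedly produces a rule.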
kneadingu
02-15-2003, 05:08 PM
Oh, one more thing: the above remedy only works on systems unaffected by the virus. In this case the virus affects Windows, but the server is Unix, so it was no problem to retrieve the header info from the server.
iamdotca
02-17-2003, 11:18 PM
One piece of software that has caught my attention is Inflex - http://pldaniels.com/inflex/. It is a solution to the problem of scanning local and outbound emails passing through your server.
I don't have any further input about it. I've toyed with the idea of implementing such a system anyways, and thought I'd mention it.
Best of luck.