07-11-2005, 03:54 AM #1 Newbie
- Join Date
- Dec 2004
- Posts
- 15
Need Help: Virus spreading via mail server
I have a virus e-mail spreading around inside a server and I was wondering if this is a new issue. I am seeking technical assistance from those who have experienced this before.
It keeps sending in using support@mydomainname.com, service@mydomainname.com, mail@mydomainname.com
*mydomainname.com is just an example of my actual domain name hosted in the server.
From: service@mydomainname.com
To: popaddress@mydomainname.com
Subject: Warning Message: Your services near to be closed.
Dear Mydomainname Member,
We have temporarily suspended your email account popaddress@mydomainname.com.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Hive account.
Sincerely,
The Mydomainname Support Team
+++ Attachment: No Virus (Clean)
+++ Mydomainname Antivirus - www.mydomainname.com

From: support@mydomainname.com
To: popaddress@mydomainname.com
Subject: Your new account password is approved
Dear user popaddress,
You have successfully updated the password of your Mydomainname account.
If you did not authorize this change or if you need assistance with your account, please contact Hive customer service at: support@mydomainname.com
Thank you for using Mydomainname!
The Mydomainname Support Team
+++ Attachment: No Virus (Clean)
+++ Mydomainname Antivirus - www.mydomainname.com
Viruses found in the attached files.
The file email-password.zip: Virus identified I-Worm/Mytob.HM. The attachment was moved to the virus vault.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.11/45 - Release Date: 7/9/2005
Where & how do I get started to remove this issue from my server? I have sent a ticket to The Orbit (where my server is with ThePlanet) and they aren't aware of it at all.
Anything I must know or websites I can read, please post up a reference. Thanks!
-
07-11-2005, 05:43 AM #2 Web Hosting Master
- Join Date
- Feb 2002
- Location
- Vestal, NY
- Posts
- 1,381
Your server is not infected with a virus. However, other PCs that ARE infected with the virus are sending it to common addresses @yourdomain and your users' domains. You can set up a server-side filter with anti-virus mail software such as ClamAV. This worm has been spreading very quickly around the net lately. It should die down like any other as it starts to get removed from infected PCs.
-
07-11-2005, 07:17 AM #3 Newbie
- Join Date
- Dec 2004
- Posts
- 15
I can tell you it's strange, but it knows my e-mail address added inside the cPanel, which I don't give out. This problem is also affecting my clients hosted on the server.
Anyhow, I am now on a new rig and I don't believe my new PC is infected with this virus.
Just hours ago I saw a few exim processes when viewing the top processes. Server load was high and I received another 3 similar emails.
If this is spreading from my PC, I am using AVG Free and I have scanned my whole PC system on this new rig -- no virus found. What's your suggestion?
-
11-21-2005, 06:58 AM #4 WHT Addict
- Join Date
- Jan 2005
- Location
- Baghdad, Iraq
- Posts
- 172
Well ... I have exactly the same problem. I updated ClamAV & made a manual scan of 3 sites & ClamAV found the virus.
Is there a command to scan the mail for the whole server?
-
11-21-2005, 08:29 PM #5 Junior Guru Wannabe
- Join Date
- Nov 2005
- Location
- Maidstone, Kent
- Posts
- 94
My advice would be (if you have access to do so) to add SPF records to your DNS (if you don't have access then ask your provider if they will).
It's a TXT record in the DNS entry and should (probably) be: "v=spf1 a mx ptr -all" (without the quotes)
This basically says to your email server... your domain will only send emails from specific server IPs. The IPs it will allow are any that are referenced in your DNS as A or MX records (this will be your www.yourdomain.com server and your mail server)
That will stop you (and anyone else) from receiving emails from your domain that you didn't send!
Hope that helps
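
How a receiving mail server would evaluate the record quoted in post #5 against the connecting IP and the envelope sender domain, as an added example that is not part of the thread. It is a simplified evaluator covering only the `a`, `mx`, `ptr` and `all` mechanisms; the domain `example.com`, the documentation-range IP addresses and the in-memory DNS table are constructed assumptions.

```python
import ipaddress

# Constructed DNS data for illustration (hypothetical zone, documentation IP ranges).
# 198.51.100.9 publishes a reverse name inside example.com that does not resolve back to it.
DNS = {
    "TXT": {"example.com": "v=spf1 a mx ptr -all"},
    "A": {"example.com": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"],
          "web2.example.com": ["192.0.2.40"]},
    "MX": {"example.com": ["mail.example.com"]},
    "PTR": {"192.0.2.40": ["web2.example.com"], "198.51.100.9": ["mail.example.com"],
            "203.0.113.7": ["dsl-7.isp.example.net"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_records(name):
    return DNS["A"].get(name, [])

def matches(mechanism, domain, client_ip):
    """Return True if the connecting IP satisfies one SPF mechanism."""
    if mechanism == "all":
        return True
    if mechanism == "a":
        return client_ip in a_records(domain)
    if mechanism == "mx":
        return any(client_ip in a_records(mx) for mx in DNS["MX"].get(domain, []))
    if mechanism == "ptr":
        # The reverse name must sit inside the domain AND resolve forward to the same IP.
        return any((name == domain or name.endswith("." + domain))
                   and client_ip in a_records(name)
                   for name in DNS["PTR"].get(client_ip, []))
    raise ValueError(f"unsupported mechanism: {mechanism}")

def check_spf(client_ip, mail_from):
    """Evaluate the sender domain's SPF record left to right; first match wins."""
    ipaddress.ip_address(client_ip)  # raises ValueError on a malformed address
    domain = mail_from.rsplit("@", 1)[-1].lower()
    terms = DNS["TXT"].get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # no policy published, nothing to enforce
    for term in terms[1:]:
        qualifier = "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = QUALIFIERS[term[0]], term[1:]
        if matches(term.lower(), domain, client_ip):
            return qualifier
    return "neutral"
```

The check is performed by the receiving server, so it only has an effect where that server enforces SPF results. RFC 7208 advises against publishing the `ptr` mechanism because of the reverse lookups it requires.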