Help - virus/trojan/worm

Gunnar Wrobel wrobel at pardus.de
Wed Jan 14 16:20:14 CET 2009


Hi Florian,

Quoting Florian Beckmann <florianbeckmann at gmx.net>:

> Hi all,
>
> I have a problem with a virus/trojan/worm. Since only kolab-related files have
> entries like
>
> 0208:03d9fda72723c1f79dfafefcfaf419bd:Trojan.Downloader-58153
> 382976:9e88346055a2baef59dc20fd0df1b880:Trojan.Agent-59155
> 313344:d257bcbdddccedb9bf6f02fd20f1f564:Trojan.Agent-59156
> 339968:23b593336ad2be91c00603fd221f37a4:Trojan.Agent-59157
> 126976:acb84f58d9f6a7a16c33fffd2e44b9e1:Trojan.Magania-7887
> 336896:0fa145272e152ea5785e04fd3209f524:Trojan.Agent-59158
>
> I guess it's related to kolab (or at least postfix?)?
>
> I wondered if someone here could help me to find out how this happens and
> what I should/can/have to do now.
>
> Related files are
> /etc/kolab/filter/config.php
>
> /etc/kolab/filter/config.php
> /etc/kolab/filter/config.php.old
> /etc/imapd.group
> /etc/postfix/ldapdistlist.cf
> /etc/postfix/ldaptransport.cf
> /etc/postfix/main.cf
> /etc/postfix/main.cf.old
> /etc/postfix/relocated
> /etc/ldap/slapd.replicas
> /etc/postfix/sasl/smtpd.conf
> /etc/postfix/transport
>
> All files were last modified at 12. Jan 13:44
>
> Debian Linux 2.6.26 with kolab 2.2.0-20080709.dfsg-2 0 from debian/unstable.

From the problem report it is extremely hard to guess what is going
on. What does the "Trojan.Agent-..." report mean and what kind of
signature does it match to? If you see that signature in the config
files written via kolabconf it is unclear why they are not reported in
the templates for these files. And it is hard to imagine that someone
modified kolabconf on your machine so that it includes malware into
the files it writes.

Maybe you should also contact the Debian maintainers of your Kolab port.

Cheers,

Gunnar

>
> Thx in advance
> Florian Beckmann



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------

