Virus alert mentioned over 2x500 times
Richard Bos
radoeka at xs4all.nl
Mon Aug 15 21:25:04 CEST 2005
My Kolab (2.0.1) server got hit by a virus alert. No problem, I would say, but the
same alert is being sent out more than 500 times twice. I wonder how that
happened, perhaps you can help me with the analysis:
The first virus alert started at:
Date: Fri, 12 Aug 2005 15:45:21 +0200 (CEST)
Subject: VIRUS (Worm.Bagle.BB-gen) IN MAIL TO YOU
After that it would come in every 5 minutes:
3.:Date: Fri, 12 Aug 2005 15:56:41 +0200 (CEST)
4.:Date: Fri, 12 Aug 2005 16:03:32 +0200 (CEST)
5.:Date: Fri, 12 Aug 2005 16:08:08 +0200 (CEST)
6.:Date: Fri, 12 Aug 2005 16:12:53 +0200 (CEST)
7.:Date: Fri, 12 Aug 2005 16:17:01 +0200 (CEST)
8.:Date: Fri, 12 Aug 2005 16:21:54 +0200 (CEST)
9.:Date: Fri, 12 Aug 2005 16:26:28 +0200 (CEST)
Later on a second one joined (7 hours later). The last part of the two:
1042.:Date: Sun, 14 Aug 2005 12:33:48 +0200 (CEST)
1041.:Date: Sun, 14 Aug 2005 12:33:47 +0200 (CEST)
1043.:Date: Sun, 14 Aug 2005 12:38:37 +0200 (CEST)
1044.:Date: Sun, 14 Aug 2005 12:38:40 +0200 (CEST)
1046.:Date: Sun, 14 Aug 2005 12:43:13 +0200 (CEST)
1045.:Date: Sun, 14 Aug 2005 12:43:13 +0200 (CEST)
1047.:Date: Sun, 14 Aug 2005 12:47:46 +0200 (CEST)
1048.:Date: Sun, 14 Aug 2005 12:47:48 +0200 (CEST)
1050.:Date: Sun, 14 Aug 2005 12:52:22 +0200 (CEST)
1049.:Date: Sun, 14 Aug 2005 12:52:20 +0200 (CEST)
1049. was the last one...
One particularity: I use fetchmail to retrieve the messages from the provider
every 30 minutes. There were only 2 incoming messages....
Is this a misconfiguration on my site, something else??
BTW: the virus scanner stopped by itself.
------------------
The first msg contained
VIRUS ALERT
Our content checker found
virus: Worm.Bagle.BB-gen
banned name: multipart/mixed | application/octet-stream,.zip,To_reduce_the_tax.zip | .exe,.exe-ms,Taxes.exe
in an email to you from:
digec at school-leiden.nl
First upstream SMTP client IP address: [127.0.0.1] localhost
According to the 'Received:' trace, the message originated at:
[67.78.83.10]
CoreBenefits4.net (rrcs-67-78-83-10.sw.biz.rr.com [67.78.83.10])
Our internal reference code for this message is 19339-07.
The message has been quarantined as:
virus-lgLifvGQVFSa
2nd msg:
VIRUS ALERT
Our content checker found
virus: Worm.Bagle.BB-gen
banned name: multipart/mixed | application/octet-stream,.zip,The_reporting_of_taxes.zip | .exe,.exe-ms,Taxes.exe
in an email to you from:
digec at school-leiden.nl
First upstream SMTP client IP address: [127.0.0.1] localhost
According to the 'Received:' trace, the message originated at:
[200.75.93.231]
Cartera.org (adsl200-75-93-231.epm.net.co [200.75.93.231])
Our internal reference code for this message is 22980-01-6.
The message has been quarantined as:
virus-u7uYtqtrhvz4
--
Richard Bos
Without a home the journey is endless
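
To tell whether repeats like these are many notifications for one quarantined message or many separate infected mails, the alerts can be grouped by quarantine name and the gap between their Date headers measured. This is an added example, not part of the original post; the quarantine names in the sample and their pairing with timestamps are constructed.

```python
import re
from collections import defaultdict
from email.utils import parsedate_to_datetime
from statistics import median

# Constructed sample: each notification reduced to its Date header and the
# quarantine lines of the alert body. Names and pairings are invented.
SAMPLE = """\
Date: Fri, 12 Aug 2005 16:03:32 +0200 (CEST)
The message has been quarantined as:
virus-EXAMPLEaaaa1
Date: Sun, 14 Aug 2005 12:33:47 +0200 (CEST)
The message has been quarantined as:
virus-EXAMPLEbbbb2
Date: Fri, 12 Aug 2005 16:08:08 +0200 (CEST)
The message has been quarantined as:
virus-EXAMPLEaaaa1
Date: Sun, 14 Aug 2005 12:38:37 +0200 (CEST)
The message has been quarantined as:
virus-EXAMPLEbbbb2
Date: Fri, 12 Aug 2005 16:12:53 +0200 (CEST)
The message has been quarantined as:
virus-EXAMPLEaaaa1
"""

def group_alerts(text):
    """Map quarantine name -> sorted list of notification timestamps."""
    groups, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Date:"):
            value = re.sub(r"\s*\([^)]*\)$", "", line[5:].strip())  # drop "(CEST)"
            current = parsedate_to_datetime(value)
        elif re.fullmatch(r"virus-\S+", line) and current is not None:
            groups[line].append(current)
            current = None  # one quarantine name per notification
    return {name: sorted(times) for name, times in groups.items()}

def summarize(groups):
    """Per quarantine name: (notification count, median gap in seconds)."""
    out = {}
    for name, times in groups.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[name] = (len(times), median(gaps) if gaps else None)
    return out

if __name__ == "__main__":
    for name, (count, gap) in summarize(group_alerts(SAMPLE)).items():
        print(f"{name}: {count} notifications, median gap {gap} s")
```

A high count under a single quarantine name with a steady gap points at the same message being re-processed on a timer rather than at new infected mail arriving.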