Virus alert mentioned over 2x500 times
Bernhard Reiter
bernhard.reiter at intevation.de
Mon Aug 15 22:01:35 CEST 2005
Am Montag, 15. August 2005 21:25 schrieb Richard Bos:
> My kolab (2.0.1) server
There is no 2.0.1 Kolab Server yet.
You probably have a 2.0.1pre1.
> got hit by a virus alert. No problem I would, but
> the same alert is being sent out more than 500 times twice. I wonder how
> that happened, perhaps you can help me with the analysis:
>
> The first virus alert started at:
> Date: Fri, 12 Aug 2005 15:45:21 +0200 (CEST)
> Subject: VIRUS (Worm.Bagle.BB-gen) IN MAIL TO YOU
>
> After that it would come in every 5 minutes:
>
> 3.:Date: Fri, 12 Aug 2005 15:56:41 +0200 (CEST)
> 4.:Date: Fri, 12 Aug 2005 16:03:32 +0200 (CEST)
> BTW: the virus scanner stopped by itself.
> One particularity: I use fetchmail to retrieve the messages from the
> provider every 30 minutes. There were only 2 incoming messages....
>
> Is this a misconfiguration on my site, something else??
This is hard to tell without analysis.
You need to find out which component is sending out this virus message.
For this, you should try to follow the email throughout the system.
Start with the postfix log.
The amavis log will also be interesting.
Bernhard
More information about the users
mailing list