Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

anti virus 2

Status
Not open for further replies.
kaancho12

kaancho12

Technical User
Feb 22, 2005
191
any recommendations on anit-virus software for mailserver on linux (redhat ES 3.0) ??? we are using sendmail....also if some other people get email with username that doesn't exist in our system does this mean that the server is compromised?
thanks
ko12
 
Sort by date Sort by votes
I use Clam AV, which is pretty good. Trend Micro also has some Linux products for the commercial user.

I don't quite understand the second part. Who's getting the messages for the non-existent user? It could be a catchall mailbox, but normally such messages are rejected.
 
Upvote 0 Downvote
well we have several email accounts on our server such as: tim@server, jim@server etc....and I got an email from another webmaster saying that they got email from abc@server --but we do not have an account abc@server so i am guessing some spammer spoofed (not sure if this is the right term) the email address and sent email (along with virus attached) to them or the server is compromised by someone who is sending out spams and viruses. any idea?
thanks
ko12
 
Upvote 0 Downvote
It's most likely the From: was forged, it's unbelievably simple to do. I wouldn't worry about it unless the Received: headers show that it actually originated from your server. If they do show it originated from your server, then you have to ask yourself how much you trust the other person to have not altered them. If you believe him, *then* I'd worry that your system was compromised.
 
Upvote 0 Downvote
hi,
thanks for your reply. the webmaster had sent me the header of the file that they received and although the name of the server is ours the ipaddress right after it is not. so i am pretty sure that some spammer spoofed it. hmmm...still though i guess i should look at setting up clamAV or some other antivirus.
thanks
ko12
 
Upvote 0 Downvote
That's not enough, you probably also need to set up something akin to spamassassin and, for instance, drop all emails that originate from non-existent usernames on your server and so forth.

-Haben sie fosforos?
-No tiengo caballero, but I have un briquet.
 
Upvote 0 Downvote
Sorry, the link I just gave you was for updates. You can get the main code here




(very injured) Trojan.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Noway2
  • Locked
  • Helpful tip
Linux email server thoughts: was WHAT bad websites in virus forum
Replies
1
Views
37
kjv1611
kjv1611
64AMD
  • Locked
  • Question
AVG Anti-Virus and Linux
Replies
3
Views
48
64AMD
64AMD
juniorb2000
  • Locked
  • Question
Anti-Virus on OES Linux
Replies
5
Views
54
LawnBoy
LawnBoy
alanpaterson
  • Locked
  • Question
Good Samba Anti-Virus and backup
Replies
2
Views
24
thedaver
thedaver
foucaulo
  • Locked
  • Question
Searching a good Anti-Virus
Replies
3
Views
28
foucaulo
foucaulo

Part and Inventory Search

Sponsor

Back
Top