
mydoom

Status
Not open for further replies.

venkman

Programmer
Oct 9, 2001
467
US
I've received 2 email responses in the last 12 hours. 1 was from AOL saying it was rejecting an email from me that I never sent. The other was from a French company saying that I sent them an email with mydoom in it (I think... I don't read French). The AOL email was addressed directly to me; the French one was addressed to a username that I don't use at my domain (all email sent to domain, no matter what username, goes to the same mailbox).

I run only Linux and OS X computers, and have not checked my email from any Windows machines, other than through horde, in the last month. My logs show only normal remote accesses I did via ssh and imap (unencrypted), none of which I logged in as root. My maillog from sendmail shows no record of sending the emails that the responses were to.

Can I safely assume that I do not have a virus on my mail server? To my knowledge mydoom is a Windows-only worm, and I've also heard it spoofs the from address. I'm thinking it's likely that it spoofed 2 addresses which contained my domain in them.

What does everyone else think? Do I have a virus? Should I be worried? Is there a way to check?

-Venkman
 
Yeah, that's what I figured; I just wanted to hear it from someone else.

Thanks,
Venkman
 
As I understand it, the messages originate from an infected (Windows) machine belonging to somebody who has sent you an email at some time (or should that be "... who has you in their address book"?). As smah said, the From: line is modified using a random address - in this case, yours.

So it seems that the only thing of which you can be certain is that _these_ messages did not originate from your machine.
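The check discussed in this thread (did the bounced message ever pass through my mail server, and does my sendmail maillog know its Message-ID?) can be scripted. The following is an added example, not part of the original posts; the headers, log lines, host name `mail.mydomain.example` and IP `192.0.2.10` are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample: headers of the original message as quoted inside a bounce.
BOUNCED_HEADERS = """\
Received: from dsl-203-0-113-45.isp.example (unknown [203.0.113.45])
\tby mx.recipient.example (Postfix) with ESMTP id 4F2A1C0
\tfor <info@recipient.example>; Tue, 27 Jan 2004 09:14:02 +0100
From: sales@mydomain.example
To: info@recipient.example
Subject: hi
Message-ID: <20040127081355.GA1234@dsl-203-0-113-45.isp.example>

"""

# Constructed sendmail maillog lines from the server being checked.
MAILLOG = """\
Jan 27 03:10:11 mail sendmail[2211]: i0R8ABcD002211: from=<user@mydomain.example>, size=812, class=0, nrcpts=1, msgid=<200401270810.i0R8ABcD002211@mail.mydomain.example>, relay=localhost [127.0.0.1]
Jan 27 03:10:12 mail sendmail[2213]: i0R8ABcD002211: to=<friend@other.example>, delay=00:00:01, mailer=esmtp, relay=mx.other.example. [198.51.100.7], stat=Sent
"""

# Assumptions: the names and addresses your own mail server identifies itself with.
MY_HOSTS = {"mail.mydomain.example"}
MY_IPS = {"192.0.2.10"}

def received_hops(raw_headers):
    """Return (sending host, bracketed IP) for each Received header, newest first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        host = re.search(r"\bfrom\s+(\S+)", flat)
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", flat)
        hops.append((host.group(1).lower() if host else None,
                     ip.group(1) if ip else None))
    return hops

def logged_msgids(maillog):
    """Message-IDs that sendmail recorded as accepted for delivery."""
    return set(re.findall(r"msgid=(<[^>]+>)", maillog))

def assess(raw_headers, maillog):
    """Classify a bounced message by whether our server ever handled it."""
    msgid = (message_from_string(raw_headers).get("Message-ID") or "").strip()
    via_us = any(h in MY_HOSTS or ip in MY_IPS for h, ip in received_hops(raw_headers))
    in_log = msgid in logged_msgids(maillog)
    return "sent-via-our-server" if via_us or in_log else "spoofed-from-elsewhere"
```

Only the topmost Received header, written by the recipient's own mail server, is trustworthy; lower ones can be forged, so a match on your host there is a reason to look closer rather than proof.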
 
I agree with the previous posts: it's highly unlikely that your system(s) contain the virus.

To be absolutely (or at least, as absolutely as possible...) sure, you can download a virus scanner for Linux (get an Eval version here: or search the internet for free versions; there might still be some available for Linux!)
 
Nah, I just assumed it was nothing. My tendency towards laziness over caution won out. ;)

-Venkman
 