Some more info...

I see in our amavis logs on our ClamAV system (postfix pre-filter FreeBSD for email) this kind of listing...
/usr/local/sbin/amavisd[35705]: (35705-10) Blocked INFECTED (Worm.Sober.P), <[EMAIL PROTECTED]> -> <f-Ge2_bV@<address snipped>>, Hits: -, tag=0, tag2=4, kill=4, L/0/0/0


That address had been hammering us over and over for a while with sober.p. Now it's become quiet.

I notice a huge amount of German messages coming in, getting past the AV and our spam filter. I went into the Exchange server and there was one sample message in one of the recipient mailboxes with the following in the headers:

Received: from oncsbuv.com (aolclient-24-25-128-223.aol.nycap.res.rr.com [24.25.128.223])

The message has the German subject line and the text appears to be just a link to a website...?

Perhaps we now know what happened to sober.p?

(anyone know offhand how to use the access file for postfix to reject a message by *sender* instead of recipient?)

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
