On Thu, 2010-01-21 at 13:34 -0500, Carlos Williams wrote: > Every day I am notified from ClamAV that the following IP > "75.112.128.242" is sending me a Virus / Trojan: > > ************************************************************************ > > A virus was found: Trojan.Delf-5385 > > Banned name: .exe,.exe-ms,postcard.htm ... .exe > Scanner detecting a virus: ClamAV-clamd > > Content type: Virus > Internal reference code for the message is 28594-11/qO-PxfSzvjHV > > First upstream SMTP client IP address: [75.112.128.242] unknown > According to a 'Received:' trace, the message apparently originated at: > [75.112.128.242], hallmark.com unknown [75.112.128.242] > > Return-Path: <postca...@hallmark.com> > From: postca...@hallmark.com > Message-ID: <20100121161108.b572977a...@mail.iamghost.org> > Subject: You've received A Hallmark E-Card! > The message has been quarantined as: virus-qO-PxfSzvjHV > > Notification to sender will not be mailed. > > ************************************************************************ > > I guess I don't know what I should do in order to stop this from > coming into my email server. Do I block him via Postfix via IP or do I > report him some how to that he is blacklisted via Spamhaus or > something similar? > _______________________________________________ There are a couple of things the MTA could be doing to block this. One is a blacklist, the other is related to the PTR of the host
1. 75.112.128.242 BLACKLISTED: b.barracudacentral.org 2. PTR ERROR: HOST 75-112-128-242.net.bhntampa.com HAS NO A RECORD. 3. You can take this up with: BRIGHT HOUSE NETWORKS But my own dealings with them have not been productive. This is not really a 'clam' issue, but hth. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
