RE: [Qmail-scanner-general]Worm.Sobig.F

ehalf Of Dallas L. Engelken > Sent: Friday, August 22, 2003 5:37 PM > To: CertaintyTech; ML qmail-scanner > Subject: RE: [Qmail-scanner-general]Worm.Sobig.F > > > > -Original Message- > > From: CertaintyTech [mailto:[EMAIL PROTECTED] > > Sent: Friday,

RE: [Qmail-scanner-general]Worm.Sobig.F

> -Original Message- > From: CertaintyTech [mailto:[EMAIL PROTECTED] > Sent: Monday, August 25, 2003 11:25 AM > To: Dallas L. Engelken; 'ML qmail-scanner' > Subject: RE: [Qmail-scanner-general]Worm.Sobig.F > > > Shouldn't the last entry in the acce

Re: [Qmail-scanner-general]Worm.Sobig.F

> > Please don't ask me how to do that - that's not a 5-sec task and touches > upon several aspects of your IS infrastructure. Of course, I'm always > available as a consultant... ;-) Not a 5 second task? I do it with one line of iptables... iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --d

Re: [Qmail-scanner-general]Worm.Sobig.F

On Fri, Aug 22, 2003 at 08:33:58AM -0400, Bill Moran wrote: > Sobig uses it's own SMTP engine, so it doesn't use your mail > relay, so it bypasses qmail-scanner. You can prevent it from > coming _in_, but not from going out, with qmail-scanner. You can stop that if you do transparent proxying of

Re: [Qmail-scanner-general]Worm.Sobig.F

Matt wrote: I'm sorry that was entirely my fault... I phrased that wrong I want to silentize the sobig worm becuase of the face that the sender address isn't correct, and right now qmail-scanner is bouncing messages back to the sender with virus messages... What do I put in the silent portion

RE: [Qmail-scanner-general]Worm.Sobig.F

> -Original Message- > From: CertaintyTech [mailto:[EMAIL PROTECTED] > Sent: Friday, August 22, 2003 12:04 PM > To: 'ML qmail-scanner' > Subject: RE: [Qmail-scanner-general]Worm.Sobig.F > > > > option 1) restrict all outbound destination port 25 t

Re: [Qmail-scanner-general]Worm.Sobig.F

I'm sorry that was entirely my fault... I phrased that wrong I want to silentize the sobig worm becuase of the face that the sender address isn't correct, and right now qmail-scanner is bouncing messages back to the sender with virus messages... What do I put in the silent portion? sobig? sob

RE: [Qmail-scanner-general]Worm.Sobig.F

> option 1) restrict all outbound destination port 25 traffic from your > internal lan, except for the mail server IP's. they are the only ones > that should be sending the mail anyhow. (exceptions to this would be > direct sendmail deliveries from clients...). > > ...snip... > > Dallas > Do

RE: [Qmail-scanner-general]Worm.Sobig.F

> -Original Message- > From: Bill Moran [mailto:[EMAIL PROTECTED] > Sent: Friday, August 22, 2003 7:34 AM > To: Matt > Cc: ML qmail-scanner > Subject: Re: [Qmail-scanner-general]Worm.Sobig.F > > > Matt wrote: > > How can I prevent the sobig worm from goi

Re: [Qmail-scanner-general]Worm.Sobig.F

Matt wrote: How can I prevent the sobig worm from going out to people? Get it off your workstations. Sobig uses it's own SMTP engine, so it doesn't use your mail relay, so it bypasses qmail-scanner. You can prevent it from coming _in_, but not from going out, with qmail-scanner. -- Bill Moran Pot