LinuxQuestions.org
Old 09-06-2011, 12:31 AM   #1
dyess002
LQ Newbie
 
Registered: Jan 2010
Posts: 5

Rep: Reputation: 0
I think I have a virus in Ubuntu


I keep getting returned messages that I know I didn't send. I am using Ubuntu 11.04 64 bit, 6 gig of RAM. How could I find out what is sending these emails?
And does a virus program like Avast or Clam only check for viruses in files from Windows or can it check for viruses from a different file layout like Linux? I often have wondered about that.

Thanks for any help.
 
Old 09-06-2011, 12:56 AM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,671
Blog Entries: 4

Rep: Reputation: 3945
It is almost certainly the case that someone else, somewhere in the world, is sending out (spam...) emails with your return-address on them. And unfortunately there's nothing you can do about it, because the e-mail handling system of the Internet was never built with security and accountability in mind. I can send an e-mail to you "from god@heaven.com," and it will go through. If it bounces, God gets the grief. (Hey, the Devil made me do it ...)
 
Old 09-06-2011, 01:47 AM   #3
dyess002
LQ Newbie
 
Registered: Jan 2010
Posts: 5

Original Poster
Rep: Reputation: 0
So you don't think I have a virus on this box? I have always believed that Ubuntu doesn't get viruses but this incident got me to wondering about that.

About the virus scanning question, would a virus pattern on a Windows box be the same as on a Linux box? In other words, would it see a virus on Linux and be accurate?
Thanks for the response.
 
Old 09-06-2011, 03:59 AM   #4
0men
Member
 
Registered: Mar 2011
Location: Brisbane
Distribution: Windows 10, Red Hat, Debian
Posts: 183

Rep: Reputation: 22
You rarely see Linux viruses, although they do exist. Even if you do manage to get one, they don't seem to cause mass destruction like on a Windows box. I agree 100% with sundialsvcs, that someone is spamming your email with your return address on them. One measure to calm your nerves about it not being a rootkit or virus, maybe fire up Wireshark and see if any stray or weird packets are sent out. Viruses and rootkits normally send out stray packets to a control server somewhere. However even then, if well designed, would be silent.

I wish you all the best, but I doubt you've got a virus.

Kind Regards

Last edited by 0men; 09-06-2011 at 04:00 AM.
 
Old 09-06-2011, 06:15 AM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Look at the FULL headers for one or more of those emails. You will probably find yourself listed at the very bottom with the actual spammer listed above you. It is unfortunate, but a common tactic to spoof the header with an innocent party in the spam attempt. This causes a double-whammy in the email system in that extra traffic is generated and hassle is created for someone else.

Especially if it is a service like a hotmail, gmail, or yahoo, that is in question, at a minimum I would change your password(s), just as a precaution.

For your edification, you might also want to post the header and email through spamcop and get the technical report about the spam. It will probably provide a lot of information regarding the spammer's relay chain. If you do desire or need to take action, this could be valuable information for your case.
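Added example (not part of the original thread): one way to read the Received chain that the post above says to inspect, and to check whether the oldest hop came from your own address range. The sample headers, host names and addresses are constructed, and `received_chain` and `submitted_from_my_network` are hypothetical helper names.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation addresses, not from the thread).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by inbox.example.org with ESMTP id A1; Tue, 6 Sep 2011 05:01:02 +0000
Received: from unknown (HELO some-host) ([203.0.113.45])
    by mx.example.net with SMTP id B2; Tue, 6 Sep 2011 05:00:58 +0000
From: me@example.com
To: someone@example.org
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def received_chain(raw):
    """Return relay hops oldest-first; every MTA prepends its own Received line."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())  # unfold continuation lines
        frm, ip, by = FROM_RE.search(flat), IP_RE.search(flat), BY_RE.search(flat)
        hops.append({
            "from": frm.group(1) if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
        })
    return hops

def submitted_from_my_network(raw, my_networks):
    """True if the oldest hop's connecting IP lies inside one of my_networks."""
    hops = received_chain(raw)
    try:
        addr = ipaddress.ip_address(hops[0]["ip"])
    except (IndexError, TypeError, ValueError):
        return False  # no Received line or no parsable address
    return any(addr in ipaddress.ip_network(n) for n in my_networks)
```

Feed it the headers of the original message returned inside the bounce. Only Received lines written by servers you trust are reliable; anything below them is whatever the sender chose to put there.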
 
Old 09-07-2011, 12:51 PM   #6
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 409

Rep: Reputation: 32
The first thing I would do is mount /home noexec,nodev. Also make sure your browser is set to cache in your home directory. Clear your cache if it is not and change the cache setting.

If you did not make a partition for /home during install you can use cat to join large files together. Format and loop mount the file noexec,nodev. Move your files from /home to the new partition, then mount the new partition as /home noexec,nodev.

This will in theory kill many Linux viruses.

Last edited by enyawix; 09-11-2011 at 07:21 PM. Reason: my post was changed
 
0 members found this post helpful.
Old 09-07-2011, 01:11 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by enyawix
This will in theory kill many Linux viruses.
Uhhh. I think you should read about UNIX architecture like separation of privileges and stuff before you post things like that.
 
1 members found this post helpful.
Old 09-07-2011, 01:56 PM   #8
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112
Quote:
Originally Posted by dyess002
I keep getting returned messages that I know I didn't send. I am using Ubuntu 11.04 64 bit 6 gig of RAM. How could I find out what is sending these emails.
One possibility that nobody has mentioned yet is that you're running an unsecured mail daemon, and someone is using you as a spam relay. I actually saw this done to a mainframe once.

Quote:
Originally Posted by dyess002
And does a virus program like Avast or Clam only check for viruses in files from Windows or can it check for viruses from a different file layout like Linux? I often have wondered about that.
They'll check for any known virus signatures, no matter the file type.
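Added example (not part of the original thread): a check for the two local signs discussed so far, a mail daemon listening on a non-loopback address (the relay possibility above) and outbound connections to SMTP ports (the traffic the Wireshark suggestion would show). It parses the `/proc/net/tcp` table; the sample rows are constructed, `smtp_findings` is a hypothetical helper name, and a little-endian host such as x86-64 is assumed.

```python
import socket
import struct

SMTP_PORTS = {25, 465, 587}
LISTEN, ESTABLISHED, SYN_SENT = "0A", "01", "02"

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0A00A8C0:C350 076433C6:0019 01 00000000:00000000 00:00000000 00000000  1000        0 33333
   3: 0A00A8C0:D431 097100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44444
"""

def _endpoint(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 word is stored in host byte order."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)

def smtp_findings(table):
    """Return SMTP listeners reachable from the network and outbound SMTP sessions."""
    findings = {"exposed_listeners": [], "outbound_smtp": []}
    for line in table.splitlines()[1:]:  # skip the column header
        cols = line.split()
        if len(cols) < 8:
            continue
        (lip, lport), (rip, rport) = _endpoint(cols[1]), _endpoint(cols[2])
        state, uid = cols[3], int(cols[7])  # uid = owner of the socket
        if state == LISTEN and lport in SMTP_PORTS and not lip.startswith("127."):
            findings["exposed_listeners"].append((lip, lport, uid))
        elif state in (ESTABLISHED, SYN_SENT) and rport in SMTP_PORTS:
            findings["outbound_smtp"].append((rip, rport, uid))
    return findings
```

On a live system pass it `open("/proc/net/tcp").read()`; IPv6 sockets are listed separately in `/proc/net/tcp6` and are not decoded here. A desktop mail client also connects to SMTP ports, so the uid and the timing of each outbound entry are what tell you whether it is expected.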
 
Old 09-07-2011, 02:20 PM   #9
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 409

Rep: Reputation: 32
I welcome peer review.

Quote:
Originally Posted by unSpawn
Uhhh. I think you should read about UNIX architecture like separation of privileges and stuff before you post things like that.
I have been using Linux and contributing since 1995. There is no real reason for code to be executed in /home.

My systems have been set up as indicated above since 1999 with few very minor changes to programs. I welcome peer review and am willing to demonstrate function.
 
Old 09-10-2011, 08:06 AM   #10
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
Originally Posted by enyawix
I have been using Linux and contributing since 1995. There is no real reason for code to be executed in /home.
Actually if you're running a true multi-user environment, there is every reason to allow code to be executed in /home, it is MUCH more secure. Heck, even on my single user systems, I don't see any reason to ban executables from /home, provided the permissions are proper and there isn't something dumb like blanket sudo privileges with no password.
 
Old 09-11-2011, 01:45 PM   #11
dyess002
LQ Newbie
 
Registered: Jan 2010
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks for the help guys.
So far here is what's going on with this.
I turned the source of the email in to SpamCop and after the second day so far I haven't gotten any more.
I don't know if it is that this Spam Cop really worked or they will start back again.
Thanks for the help.
 
Old 09-11-2011, 03:34 PM   #12
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 409

Rep: Reputation: 32
Quote:
Originally Posted by Hangdog42
Actually if you're running a true multi-user environment, there is every reason to allow code to be executed in /home, it is MUCH more secure. Heck, even on my single user systems, I don't see any reason to ban executables from /home, provided the permissions are proper and there isn't something dumb like blanket sudo privileges with no password.

The reason for not allowing code to run in /home is to limit damage from downloads when the Linux virus becomes more common. I find a large number of Windows viruses in the equivalent of /home. Applying SELinux to limit what apps can do. I expect the Linux virus to some day become more common.
 
Old 09-11-2011, 04:31 PM   #13
MTK358
LQ 5k Club
 
Registered: Sep 2009
Posts: 6,443
Blog Entries: 3

Rep: Reputation: 723
When you do programming projects, not being able to execute anything in /home makes it impossible to work. Also, what if you want to run a downloaded script, or have a directory under /home in your PATH so that you can run commands without installing them?

Last edited by MTK358; 09-11-2011 at 04:32 PM.
 
Old 09-11-2011, 05:47 PM   #14
enyawix
Member
 
Registered: Sep 2003
Location: ky
Distribution: gentoo
Posts: 409

Rep: Reputation: 32
Quote:
Originally Posted by MTK358
When you do programming projects, not being able to execute anything in /home makes it impossible to work. Also, what if you want to run a downloaded script, or have a directory under /home in your PATH so that you can run commands without installing them?
I do programming projects in VirtualBox. I also test scripts in a VM before I allow them on real computers. My only projects not in VirtualBox are my GNS3 Cisco router projects. They are on a dedicated computer.
 
Old 09-11-2011, 06:51 PM   #15
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542
Quote:
use cat to join large males together
WTF does that mean?
 
  

