LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-28-2004, 02:46 AM   #1
citizen_x
LQ Newbie
 
Registered: Apr 2004
Posts: 6

Rep: Reputation: 0
viruses need help


Hi all dont think ihave posted on this board before but hey there is a first time for everything.

ive setup a small network using red hat linux 7.2 < i think > as my e-mail server, and am also using it for people to browes the net. < im using sendmail >

all the other machines on the network vairy from windows 2000 pro to Xp.

as far as i know i donot have any virus protection on the mail server < i am lead to belive linux dosnt get affected by viruses, " i find this hard to belive" >.

my ISP is suposed to have some sort of protection and is ment to scan any messages i send or recive.

thats a description on what my network is setup as now for the problem at hand

most of the machines with in the network are reciveing e-mails from people or e-mail address they donot know, informing us that we tried to send them an e-mail which was infected with a virus. " it gives us a report of the virus and how many files were infected".
how is it that somone i donot know sends me a e-mal informing me that i sent them a e-mai which was infected with a virus if i didnt even have their address in my address book ???.

the other problem im having is that when we do get a virus in an e-mail its the workstation < windows machine, we using norton and AVG on the workstations > that picks up the virus.
how did the virus get past my ISP and my server ??

sorry if this e-mail is a bit long but very fustrated and running out of ideas to try

always x < any sugestions for visus proctection i can use please let me know >
 
Old 04-28-2004, 03:43 AM   #2
dopefish
Member
 
Registered: Nov 2003
Location: Northcliffe, WA
Distribution: Slackware 12.0
Posts: 481

Rep: Reputation: 30
Do a search on google for linux virus scanner
Your ISP probably only scans viruses on its own mail server rather than mail going between different mail servers.
 
Old 04-28-2004, 06:11 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
My boss got a angry e-mail form someone getting blank e-mails from her. However, her computer scanned ok. The viruses will spoof the sending address. They probably got your name from someone elses address book. However, adding virus protection for your email server would be a good idea.

Last edited by jschiwal; 04-29-2004 at 06:17 PM.
 
Old 04-29-2004, 01:36 AM   #4
citizen_x
LQ Newbie
 
Registered: Apr 2004
Posts: 6

Original Poster
Rep: Reputation: 0
i think i have done a search for that already < didnt have any luck >
i was told to also do a search for CLAW ? < not luck either >
would like to use somthing somone has experiance with, im not int linux too much infact i only know a few commands, so would probably need a lot of help setting it up you know need somone to hold my hand. so if you have any ideas please.

thanx's
 
Old 04-29-2004, 06:43 AM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
I believe you are thinking of CLAMAV.
 
Old 04-29-2004, 06:10 PM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
There's a commercial product called ServerProtect by Trend available for linux servers.
 
Old 04-29-2004, 11:57 PM   #7
icehenge
Member
 
Registered: Jan 2004
Location: Tennessee
Distribution: Slackware 8.1 (KDE 3.0.1)
Posts: 69

Rep: Reputation: 15
While it is correct to continue in your direction and quest for email virus
protection on the system and server ends, you should know that email spoofing
seems to be quite popular. I work for real estate agency and when one of the
viruses spread across the Internet their email boxes take a pounding. Many
emails are along the links of "this email has been returned because it was found
to have a virus" many times this is their mail server that does the scanning and
rejecting.

One check to do is shut down the suspected infected system. For example turn it
of on the weekend while the user out of office. Do the infected emails warning
messages still continue to arrive during the weekend? I bet they might. I'd
suspect that system is not sending the emails and that users name is being
spoofed as the sender.

Spammers are such nice people hu?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
viruses? firedance Linux - Security 5 04-16-2007 07:45 PM
When it comes to Viruses......??? unixfreak Linux - Security 3 08-27-2004 03:51 AM
Viruses teyesahr Linux - Newbie 2 09-09-2003 11:55 AM
viruses nautilus_1987 Linux - General 5 10-04-2002 11:30 PM
Viruses? Will Linux - Security 2 11-08-2001 12:04 AM


All times are GMT -5. The time now is 12:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration