Anti-virus management (Increase in Virus Notifications).

wired-circuit

New Pleskian
Apologies if there is a thread somewhere already on this topic; I have looked and have been unable to find anything. Please, before replying, consider your response and don't place negative, unhelpful comments.

Over the last few weeks I have seen an increase in virus notifications sent to the administrator account. The messages imply that the virus has been deleted, but do not confirm the action taken.

My question is in three parts:
  1. What is the default anti-virus action?
  2. How can I manage the anti-virus options?
  3. Have you any recommendations for reduction of attacks?

Example Message
It certainly looks like the virus was detected and deleted ("was not delivered because it contains an infected object"), but I have concerns, especially because other domains hosted are now receiving these messages.

Code:
Dear Postmaster,

A message with the following attributes was not delivered because it contains an infected object.

Sender = office@autokreditbank.ru (may be forged)
Recipients = tony@receipent.com
Subject =  Wells Fargo Advisors
Message-ID =  <6683296662.SP71APQX173917@nrvhso.mlrtbz.tv>

--- Antivirus report ---
The following viruses were found:
Known virus(es):
Trojan.DownLoad3.28161

Detailed report:
127.0.0.1 [8644] drweb.tmp.6y2liE - archive MAIL
127.0.0.1 [8644] >drweb.tmp.6y2liE/5.part - archive ZIP
127.0.0.1 [8644] >>drweb.tmp.6y2liE/5.part/report.pdf.exe infected with Trojan.DownLoad3.28161
127.0.0.1 [8644] >drweb.tmp.6y2liE/6.part - Ok
127.0.0.1 [8644] >drweb.tmp.6y2liE/7.part - Ok

Scanning statistics:
Known viruses : 1

--- Antivirus report ---

The original message was stored in an archive record named:
drweb.quarantine.vUUPHw
X-No-Relay: not in my network
Received: from bb116-15-131-196.singnet.com.sg (bb116-15-131-196.singnet.com.sg [116.15.131.196])
	by myhostname.com (Postfix) with ESMTP id E0464922DE4
	for <tony@receipent.com>; Wed, 13 Nov 2013 05:53:03 +0100 (CET)
Received: from [100.68.115.174] (helo=ebdzlrbtn.kscbwrsncia.ru)
	by bb116-15-131-196.singnet.com.sg with esmtpa (Exim 4.69)
	(envelope-from )
	id 1MMCZK-0766me-Z3
	for tony@albericci.co.uk; Wed, 13 Nov 2013 12:53:02 +0800
Date: 	Wed, 13 Nov 2013 12:53:02 +0800
From: 	"WELLS FARGO" <office@autokreditbank.ru>
X-Mailer: The Bat! (v3.80.06) Educational
X-Priority: 3 (Normal)
Message-ID: <6683296662.SP71APQX173917@nrvhso.mlrtbz.tv>
To: <tony@receipent.com>
Subject: Wells Fargo Advisors
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----------A6FD4D078FB71F55"

OS: Ubuntu 12.04 LTS
Panel version: 11.5.30 Update #21, last updated at Nov 13, 2013 06:33 AM
The system is up-to-date; last checked at Nov 8, 2013 06:25 AM
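One way to answer "what was actually done?" without reading each notification by hand is to parse the report fields. The following is an added example, not code from this thread or from Plesk/Dr.Web; it runs on a constructed, trimmed copy of the notification quoted above and pulls out the sender, the infected path, the quarantine record the report names, and the IP of the host that handed the mail to Postfix.

```python
import re

# Constructed sample, trimmed from the Dr.Web postmaster notification quoted in the post above.
SAMPLE = """Dear Postmaster,

Sender = office@autokreditbank.ru (may be forged)
Recipients = tony@receipent.com
Message-ID =  <6683296662.SP71APQX173917@nrvhso.mlrtbz.tv>

--- Antivirus report ---
Detailed report:
127.0.0.1 [8644] drweb.tmp.6y2liE - archive MAIL
127.0.0.1 [8644] >drweb.tmp.6y2liE/5.part - archive ZIP
127.0.0.1 [8644] >>drweb.tmp.6y2liE/5.part/report.pdf.exe infected with Trojan.DownLoad3.28161
127.0.0.1 [8644] >drweb.tmp.6y2liE/6.part - Ok

The original message was stored in an archive record named:
drweb.quarantine.vUUPHw
Received: from bb116-15-131-196.singnet.com.sg (bb116-15-131-196.singnet.com.sg [116.15.131.196])
    by myhostname.com (Postfix) with ESMTP id E0464922DE4
"""

# Detailed-report lines look like "<ip> [<pid>] >>path infected with <name>"; the '>' run is archive depth.
INFECTED = re.compile(r"^\S+ \[\d+\] >*(\S+) infected with (\S+)$", re.M)
# The first Received: header is the host that handed the mail to our Postfix; deeper hops are unverified.
RELAY_IP = re.compile(r"^Received: from .*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.M)

def field(text, name):
    """Return the value of a 'Name = value' line from the report header, or None if absent."""
    m = re.search(rf"^{re.escape(name)} =\s*(.*?)\s*$", text, re.M)
    return m.group(1) if m else None

def parse_report(text):
    """Extract who sent it, what was found, and what the scanner did with the message."""
    sender = field(text, "Sender") or ""
    quarantine = re.search(r"archive record named:\s*\n(\S+)", text)
    relay = RELAY_IP.search(text)
    return {
        "sender": sender.split(" (")[0],
        "sender_may_be_forged": "(may be forged)" in sender,
        "recipients": [r.strip() for r in (field(text, "Recipients") or "").split(",") if r.strip()],
        "message_id": field(text, "Message-ID"),
        "infected": INFECTED.findall(text),
        # A named quarantine record means the message was stored, not simply deleted.
        "action": "quarantined" if quarantine else "unknown",
        "quarantine_record": quarantine.group(1) if quarantine else None,
        "relay_ip": relay.group(1) if relay else None,
    }
```

Feeding every notification the postmaster mailbox receives through parse_report and counting by virus name or relay IP shows whether the increase is one campaign or many.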
 
All actions and settings of the antivirus are defined in the corresponding config files /etc/drweb/drweb32.ini and /etc/drweb/drweb_handler.conf. Other configs can be found and tuned in the /etc/drweb directory.