[lug] slightly OT - infected email rate drop?
Alisdair Davey
ard at pergamentum.com
Wed Jan 11 10:28:33 MST 2006
Calvin,
> Hey guys (no offense to Evelyn intended),
>
> I manage a number of domains which use Clamav and Amavis for
> email virus scanning.
>
> It seems that these domains have seen a huge drop in infected
> email (almost all containing Worm.Sober) in the last few days.
>
> Has anyone else seen this drop? Does anyone know the cause?
You are not alone. It's also been noted on the MailScanner list. In my case it
comes about because I upgraded MailScanner/spamassassin, and spamassassin
with razor / pyzor / dcc is detecting most of the virus emails as high scoring
spam which gets deleted and never virus scanned.
Alisdair
> Have a bunch of users been scared into checking their computers
> because of the recent WMF crisis?
>
> Or are the infected computers zombies whose masters are simply
> biding their time until their next attack?
>
> I'm sure it's not due to Clamav simply failing to detect virii,
> since there were no emails of ANY sort from the infected systems
> (based on IP address) after the dropoff.
>
> Your knowledge (or anecdotes, or scuttlebutt,etc.) would be
> appreciated.
>
> Calvin
> --
> Calvin Dodge
> Certified Linux Bigot (tm)
> http://www.caldodge.fpcc.net
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
--
Dr Alisdair Davey ard at pergamentum.com
Pergamentum Solutions Tel: 1-303-981-9838
2066 Dailey Lane
Superior, CO 80027
More information about the LUG
mailing list