Hi, I have a problem with our Ben Hur router.
We use it as a mail server, virus scanner and web proxy; for a short while now I have been getting this message:
AntiVir has detected the following in a mail sent through your server:
WORM/Netsky.D.Dam
The mail was not delivered.
It has been quarantined with the following queue id:
19997-19BD011D
Mail-Info:
--8<--
Message-Id: <20070413063430.C653A1D450@ns1.systeam.de>
From: MAILER-DAEMON@ns1.systeam.de (Mail Delivery System)
To: user@domain.de
Date: Fri, 13 Apr 2007 08:34:30 +0200 (CEST)
Subject: Undelivered Mail Returned to Sender
Mail-From: <MAILER-DAEMON@ns1.systeam.de>
Rcpt: <user@localhost>
Queue-Id: 19997-19BD011D
Status: The mail was not delivered!
--8<--
Log-File:
--8<--
info: extracting attachment 1 to /var/tmp/av-19998-tsOPCu/av-0
(encoding="8bit", name="(no name)", filename="(no name)")
info: extracting attachment 2 to /var/tmp/av-19998-tsOPCu/av-1
(encoding="8bit", name="(no name)", filename="body")
info: extracting attachment 3 to /var/tmp/av-19998-tsOPCu/av-2
(encoding="8bit", name="(no name)", filename="(no name)")
info: extracting attachment 4 to /var/tmp/av-19998-tsOPCu/av-3
(encoding="base64", name="your_letter.pif", filename="your_letter.pif") checking file "/var/tmp/av-19998-tsOPCu/av-1"
checking file "/var/tmp/av-19998-tsOPCu/av-3"
checking file "/var/tmp/av-19998-tsOPCu/av-0"
checking file "/var/tmp/av-19998-tsOPCu/av-2"
--8<--
--
AntiVir for UNIX
Copyright (C) 1994-2002 by H+BEDV Datentechnik GmbH. All rights reserved.
Further log files:
Linux mail 2.2.20 #6 Mon Apr 8 15:40:31 CEST 2002 i586 unknown
Ben Hur Update 075 -- 02.03.2004 09:47
09:00:32 ipop3d connect from 12x.x.x.137
09:02:19 avmilter Alert! the file "/var/tmp/av-30240-gkEc4O/av-3" contains "WORM/Netsky.D.Dam" worm
09:02:19 avmilter Potential malicious code has been found - mail will be rejected.
09:02:19 avmilter Message 'outgoing/xf-30240-502FD6B7' scheduled for delivery now.
09:02:20 avmilter Message 'outgoing/qf-30240-502FD6B7' successfully forwarded.
09:32:12 avmilter Alert! the file "/var/tmp/av-32542-VvyMlU/av-3" contains "WORM/Netsky.D.Dam" worm
09:32:12 avmilter Potential malicious code has been found - mail will be rejected.
09:32:12 avmilter Message 'outgoing/xf-32542-268DDED2' scheduled for delivery now.
09:32:12 avmilter Message 'outgoing/qf-32542-268DDED2' successfully forwarded.
09:00:32 ipop3d connect from 12x.x.x.x
09:02:05 sendmail l3G71tQV030172: from=, size=35641, class=0, nrcpts=1, msgid=, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:02:06 sendmail l3G71tQV030172: Milter add: header: X-AntiVirus: checked by AntiVir Milter 1.0.2; AVE 7.3.1.44; VDF 6.38.0.119
09:02:10 sendmail l3G72AQV030205: from=, size=28863, class=0, nrcpts=1, msgid=<20070416071724.4EF6CBD51@zsimrelay.iparnet.de>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:02:11 sendmail l3G72AQV030205: Milter add: header: X-AntiVirus: checked by AntiVir Milter 1.0.2; AVE 7.3.1.44; VDF 6.38.0.119
09:02:12 sendmail l3G72AQW030205: from=, size=8614, class=0, nrcpts=1, msgid=<20070416071726.4B346BD51@zsimrelay.iparnet.de>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:02:12 sendmail l3G72AQW030205: Milter add: header: X-AntiVirus: checked by AntiVir Milter 1.0.2; AVE 7.3.1.44; VDF 6.38.0.119
09:02:13 sendmail l3G72AQX030205: from=, size=14035, class=0, nrcpts=1, msgid=<20070416071727.ABB74BD51@zsimrelay.iparnet.de>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:02:14 sendmail l3G72AQX030205: Milter add: header: X-AntiVirus: checked by AntiVir Milter 1.0.2; AVE 7.3.1.44; VDF 6.38.0.119
09:02:18 sendmail l3G72HQV030238: from=, size=27230, class=0, nrcpts=1, msgid=<20070413063430.C653A1D450@ns1.systeam.de>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:02:19 sendmail l3G72HQV030238: Milter: data, reject=511 Virus found in email!
09:02:19 sendmail l3G72HQV030238: to=, delay=00:00:02, pri=31065, stat=Virus found in email!
09:02:20 sendmail l3G72J6T030251: from=AntiVir@localhost, size=1822, class=-100, nrcpts=1, msgid=<200704160702.l3G72J6T030251@mail@intern.domain.de>, relay=uucp@localhost
09:02:20 sendmail l3G72J6T030251: to=user@user.intern.domain.de, delay=00:00:01, mailer=local, pri=210200, stat=queued
09:02:57 sendmail l3G72AQX030205: to=, delay=00:00:44, xdelay=00:00:00, mailer=local, pri=121329, dsn=2.0.0, stat=Sent
09:02:57 sendmail l3G72AQV030205: to=, delay=00:00:47, xdelay=00:00:00, mailer=local, pri=121329, dsn=2.0.0, stat=Sent
09:02:57 sendmail l3G72AQW030205: to=, delay=00:00:46, xdelay=00:00:00, mailer=local, pri=121331, dsn=2.0.0, stat=Sent
09:02:57 sendmail l3G71tQV030172: to=, delay=00:00:52, xdelay=00:00:00, mailer=local, pri=121464, dsn=2.0.0, stat=Sent
09:02:57 sendmail l3G72J6T030251: to=user@user.intern.domain.de, delay=00:00:38, xdelay=00:00:00, mailer=local, pri=300200, dsn=2.0.0, stat=Sent
09:03:43 sendmail l3G72NQV030254: ruleset=check_mail, arg1=, relay=localhost [127.0.0.1], reject=451 4.1.8 Domain of sender address qualitec-ltd.com@kassarol.com does not resolve
09:03:43 sendmail l3G72NQV030254: from=, size=13640, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:05:09 sendmail l3G7096G030047: from=root, size=631, class=0, nrcpts=1, msgid=<200704160700.l3G7096G030047@mail@intern.domain.de>, relay=root@localhost
09:05:09 sendmail l3G7096G030047: to=trashbin, ctladdr=root (0/0), delay=00:05:00, xdelay=00:00:00, mailer=local, pri=30280, dsn=2.0.0, stat=Sent
09:02:23 named Lame server on 'ns3.firstfind.nl' (in 'firstfind.nl'?): [192.93.0.4].53 'B.NIC.FR': learnt (A=198.32.64.12,NS=198.32.64.12)
09:05:57 named Lame server on 'pridns3.svr.pol.co.uk' (in 'pol.co.uk'?): [213.248.254.130].53 'NS6.NIC.uk': learnt (A=202.12.27.33,NS=202.12.27.33)
09:07:17 named Lame server on 'daimyo.dangerous.it' (in 'dangerous.it'?): [192.112.36.4].53 'G.ROOT-SERVERS.NET': learnt (A=".",NS=".")
09:11:17 named Lame server on 'ns4.24-7webhosting.net' (in '24-7webhosting.net'?): [192.48.79.30].53 'J.GTLD-SERVERS.net': learnt (A=202.12.27.33,NS=202.12.27.33)
09:14:18 named Lame server on 'pearlsindia.com' (in 'pearlsindia.com'?): [216.109.116.20].53 'yns2.yahoo.com': learnt (A=192.55.83.30,NS=192.55.83.30)
Can you help me?
I have no idea why the named service is learning some servers?? and why the ESMTP protocol is being used. We have not made any settings regarding ESMTP,
named, Squid, virus infestation etc.
- Posts: 221
- Registered: 06.03.2007 15:53:44
Hello!
Could it be that the server uses an RBL to filter spam? See this thread http://www.linuxquestions.org/questions ... p?t=474799
Regarding the SMTP you did not configure: Amavis, Procmail... use the protocol to hand mails from e.g. Postfix over to the virus scanner and/or spam filter. But that is only a guess. What does this output:
Code:
netstat -an | grep LISTEN
Regards
Stephan
PS: please put logs on nopaste and link them here - nobody can/wants to read them in this form
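Stephan's reply asks for the listener list, but the log excerpt in the first post already lets one check what the gateway did with the infected mail. The following Python script is an added example for this thread, not code from the original posts or from the Ben Hur product: it parses a handful of the avmilter and sendmail lines quoted above (copied verbatim as the sample input), summarises each sendmail queue id, and pairs every avmilter alert with the sendmail rejection logged at the same second. Function and variable names (`parse_sendmail`, `summarize_queue`, `virus_alerts`, `correlate`) are my own.

```python
import re
from collections import defaultdict

# Sample input: avmilter and sendmail lines copied from the Ben Hur log excerpt in
# the first post (the empty from=/to= fields were already anonymised there).
SAMPLE_LOG = """\
09:02:06 sendmail l3G71tQV030172: Milter add: header: X-AntiVirus: checked by AntiVir Milter 1.0.2; AVE 7.3.1.44; VDF 6.38.0.119
09:02:18 sendmail l3G72HQV030238: from=, size=27230, class=0, nrcpts=1, msgid=<20070413063430.C653A1D450@ns1.systeam.de>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
09:02:19 avmilter Alert! the file "/var/tmp/av-30240-gkEc4O/av-3" contains "WORM/Netsky.D.Dam" worm
09:02:19 avmilter Potential malicious code has been found - mail will be rejected.
09:02:19 sendmail l3G72HQV030238: Milter: data, reject=511 Virus found in email!
09:02:19 sendmail l3G72HQV030238: to=, delay=00:00:02, pri=31065, stat=Virus found in email!
09:02:20 sendmail l3G72J6T030251: from=AntiVir@localhost, size=1822, class=-100, nrcpts=1, msgid=<200704160702.l3G72J6T030251@mail@intern.domain.de>, relay=uucp@localhost
09:02:57 sendmail l3G71tQV030172: to=, delay=00:00:52, xdelay=00:00:00, mailer=local, pri=121464, dsn=2.0.0, stat=Sent
09:02:57 sendmail l3G72J6T030251: to=user@user.intern.domain.de, delay=00:00:38, xdelay=00:00:00, mailer=local, pri=300200, dsn=2.0.0, stat=Sent
09:03:43 sendmail l3G72NQV030254: ruleset=check_mail, arg1=, relay=localhost [127.0.0.1], reject=451 4.1.8 Domain of sender address qualitec-ltd.com@kassarol.com does not resolve
"""

# 'HH:MM:SS avmilter Alert! the file "<path>" contains "<signature>" worm'
ALERT_RE = re.compile(
    r'^(?P<time>\d\d:\d\d:\d\d) avmilter Alert! the file "(?P<path>[^"]+)" '
    r'contains "(?P<signature>[^"]+)"'
)
# 'HH:MM:SS sendmail <queue id>: key=value, key=value, ...'
SENDMAIL_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) sendmail (?P<qid>\w+): (?P<rest>.*)$")


def parse_sendmail(line):
    """Return {'time', 'qid', 'fields'} for a sendmail line, or None for any other line.

    Parts without '=' (e.g. 'Milter: data', 'Milter add: header: ...') carry no
    key/value pair and are skipped.
    """
    m = SENDMAIL_RE.match(line)
    if not m:
        return None
    fields = {}
    for part in m.group("rest").split(", "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value
    return {"time": m.group("time"), "qid": m.group("qid"), "fields": fields}


def summarize_queue(log_text):
    """Collapse all lines of one queue id into from/to/proto/msgid plus a final outcome.

    A 'reject=' field wins over any later 'stat=' line, because sendmail logs a
    'stat=Virus found in email!' line after the milter rejection as well.
    """
    summary = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_sendmail(line)
        if rec is None:
            continue
        entry = summary[rec["qid"]]
        f = rec["fields"]
        for key in ("from", "to", "proto", "msgid"):
            if key in f:
                entry[key] = f[key]
        if "reject" in f:
            entry["outcome"] = "rejected: " + f["reject"]
        elif "stat" in f and not entry.get("outcome", "").startswith("rejected"):
            entry["outcome"] = f["stat"]
    return summary


def virus_alerts(log_text):
    """List every avmilter alert as {'time', 'path', 'signature'}."""
    return [m.groupdict() for m in (ALERT_RE.match(l) for l in log_text.splitlines()) if m]


def correlate(log_text):
    """Pair each avmilter alert with the sendmail queue id(s) rejected in the same second."""
    rejects = {}
    for line in log_text.splitlines():
        rec = parse_sendmail(line)
        if rec and "reject" in rec["fields"]:
            rejects.setdefault(rec["time"], []).append(rec["qid"])
    pairs = []
    for alert in virus_alerts(log_text):
        for qid in rejects.get(alert["time"], []):
            pairs.append((alert["signature"], qid))
    return pairs


if __name__ == "__main__":
    for qid, entry in sorted(summarize_queue(SAMPLE_LOG).items()):
        print(qid, repr(entry.get("from", "?")), "->", repr(entry.get("to", "?")), ":", entry.get("outcome", "?"))
    for signature, qid in correlate(SAMPLE_LOG):
        print("avmilter alert", signature, "caused the rejection of", qid)
```

Read against the excerpt, the output shows the gateway behaving as intended: queue id l3G72HQV030238 (the one carrying the ns1.systeam.de Message-Id that also appears in the AntiVir notification) was rejected with 511 at the milter stage, and the only mail delivered locally from that event is the AntiVir notice itself (from=AntiVir@localhost, class=-100). The 451 4.1.8 rejection from the check_mail ruleset is sendmail's own sender-domain DNS test, not an RBL lookup, so it does not by itself confirm Stephan's RBL guess. As for the ESMTP question: proto=ESMTP is simply what sendmail records when the connecting client opened the session with EHLO instead of HELO; it is a property of the session, not a setting on the router.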