e-mail on linux box

Patrick Fleming EA plug-discuss@lists.plug.phoenix.az.us
Thu, 28 Nov 2002 10:50:09 -0700 (MST) 

On Thu, 28 Nov 2002, cliff rogers wrote:

> I have a Linux box that is my gateway to the internet. It seems to be
> working wonderful and my LAN is usable. My question is: Since I have
> gotten my box up and running I have been receiving a bunch of refused
> e-mail messages. Some are refused because of an improper destination
> address or no such address while others are refused by the destination
> computer because they have an executable file attached. I am wondering
> if somehow I have been infected in my Linux box and that it is using my
> e-mail account to send these out. I have run a couple of virus checks
> from Symantec, I have ZoneAlarm installed on my windows box, I have
> removed a virus called the "W32.Bugbear@mm" from my windows box. My
> Linux box is running ClarkConnect based on the Redhat 7.2 distro (or
> 7.3). I am wondering if I have the mailserver running on it and if that
> is where all these are being sent from or if there is a log that can
> help me track this down and stop it before it gets worse. I am getting
> almost 2 returned e-mail messages for every legitimate message I
> receive. Any advice would be greatly appreciated as I am very much a
> newbie here. Happy Thanksgiving Everyone. Cliff Rogers
> 

Your Linux box is not infected -most likely someone you know is infected.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H
If your AV software on the Win box is reasonably up to date and you have 
applied all the patches from MS you are probably ok... of course you are 
still using Win.

I use Amavis-ng and ClamScan on my RH box that handles my email. It's not 
that Linux is susceptible to Win32 virii, it's that I got tired of other 
people's virus stuff hitting my email inbox... it's now filtered out into 
a 'spam' folder and I can just delete it or complain vigorously to the 
offender's ISP- details of origination are in the headers. I plan to add 
Amavis-ng and Clamscan to another email server as soon as I can work out 
the PERL modules.



-- 
Patrick Fleming, EA
http://myhdvest.com/patrickfleming
Licensed to represent taxpayers
before Exam, Appeals, and Conference 
divisions of the IRS