Installed ClamAV virus definition scanner — an open source virus detection module to be used in conjunction with mail transfer agents. cgpav provides the glue to use clamd in conjunction with CommuniGate Pro. freshclam updates the virus definition tables hourly.

Attention! You sent an infected message with the
VIRUS: Eicar-Test-Signature
It was rejected for delivery.

With the addition of Razor, very little spam is getting through my gateway — Razor made an incredible difference (as I expected it would, since it’s human/collaborative). The remaining gravel in the shoe is all of the autoresponder fallout from MyDoom.

Music: Land of the Loops :: The Warm Glow of Waltham

3 Replies to “ClamAV”

  1. Consider turning off that autoresponder option Scot. I’m receiving as many bounce messages (some actually containing a virus) as infected messages.


    Just like SoBig-F, much of the huge volume of crap generated by MyDoom is the result of auto-responder messages. As well as replies that someone is out of the office users are getting a stream of accusatory messages from anti-virus gateway products accusing them of sending a virus.

    MyDoom spoofs the ‘from’ field in infectious emails, but AV products are still incapable of recognising this: hence the tide of confusing messages.

    These auto-spam messages are stripped of viral attachments but still contribute to the message load on organisations which are otherwise protected against the virus.

    We’re all MyDoomed


  2. Hi Philm – Yup, same here. It’s ironic – I’ve finally squashed the amount of actual incoming spam down to nearly zero (thanks to the addition of razor to my toolkit) only to have all of MyDoom’s autoresponder messages still pumping through, which is almost *as if* I were still getting spam. I did turn off ClamAV’s autoresponder for this reason, but I can also do some additional signature detection to try and blockade some of the autoresponses. Unfortunately they’re all unique to the systems that send them, so I’m not sure how fruitful it will be.

Leave a Reply

Your email address will not be published. Required fields are marked *