Complete.Org: Mailing Lists: Archives: discussion: May 2002:
[aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDav

[aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDav

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	<discussion@xxxxxxxxx>
Subject:	[aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDavid Carmichael
From:	Chris Owen <owenc@xxxxxxxxxx>
Date:	Thu, 16 May 2002 20:41:19 -0500 (CDT)
Reply-to:	discussion@xxxxxxxxx

On Thu, 16 May 2002, James O. Harms wrote:

>
> Clint Brubakken wrote:
> >
> > Most likely someone on the list has the Klez Virus
>
> <SNIP>
>
> Right.  iwichita caught it w/ their virus checker before delivery to
> my acct. --joh
>
> V I R U S  A L E R T
>
> Our virus scanning software found the
>
>    W32/Klez.h@MM
>
> virus(es) in an email to you from:
>
> linux-help-bounce@xxxxxxxxx
>
> WE HAVE STOPPED DELIVERY OF THIS EMAIL AS A RESULT!

Yes, Klez has been a real pain.  We've blocked north of 5,000 infected
emails bound for customers so far this week and most of them have been
Klez.  We had a single person send nearly 4,000 copies of Klez in the past
two weeks to our customers.

BTW, just to keep this somewhat on topic ;-].  We're doing all our
scanning and blocking with a couple of Linux boxes.  We're only doing
about 400,000 emails a day right now on them but they will easily handle
many times that.  Pretty impressive really.  Scanning like this requires
accepting the mail, saving it to disk, breaking it down into its various
MIME components, uncompressing any compressed files and then scanning the
whole mess before either sending the original mail on to the POP server or
sending out rejection notices.

During testing before we took them live we were able to get a single
machine to handle 250K emails coming in at 4 per second and 1000K emails
at 2 per second with no problem.  Just for fun I also did 12 15K emails
per second for a while.  I really don't think even those really put the
hurt on the machines but at those rates the POP server is really the
bottleneck (procmail is not your friend in situations like this).

Chris

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chris Owen             ~  Hubris Communications  ~  Lottery (noun):
PO Box 1969            ~  120 S Market Suite 101 ~     A stupidity tax
Garden City, KS 67846  ~  Wichita, KS 67202      ~
Voice: (620) 275-1900  ~  Voice: (316) 858-3000  ~     www.hubris.net
Fax:   (620) 275-0313  ~  Fax:   (316) 858-3001  ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi

[Prev in Thread]

Current Thread

[Next in Thread]

[aclug-L] SPOOFING! Subject: [linux-help] A good tool :Not From David Carmichael, David Carmichael, 2002/05/16
- [aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not From David Carmichael, Clint Brubakken, 2002/05/16
  - [aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDavid Carmichael, James O. Harms, 2002/05/16
    - [aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDavid Carmichael, Chris Owen <=

Prev by Date: [aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDavid Carmichael
Next by Date: [aclug-L] W32.Klez.E removal tools
Previous by thread: [aclug-L] Re: SPOOFING! Subject: [linux-help] A good tool :Not FromDavid Carmichael
Next by thread: [aclug-L] W32.Klez.E removal tools
Index(es):
- Date
- Thread