cancel
Showing results for 
Search instead for 
Did you mean: 

Virus madness

N/A

Virus madness

Just checked my email (at around 09:45 ) for the first time since about 5pm yesterday

I had WELL OVER 500 "virus found" emails from plusnet. - good job I use mailwasher to process my email or I'd have been deleting emails from Outlook from now until next easter!!

"
Problem description:
Email data:
MessageID: <20030919090001.7B8021692D8@mail5.easyspace.com>
From: "Net Email Service" <>
To: "Network Client" <user@smtpserver.com>
Cc:
Subject: Abort Advice
Scanning part []

Scanning part [ammgrrl.exe]
Attachment validity check: passed.
Virus identity found: W32/Gibe-F"

They all have the same virus and are all for different email addys .

IT'S MADNESS

:shock: :shock:

[Moderators note (by Thomas): Rather excessive smileys removed.
39 REPLIES
Lorian
Grafter
Posts: 699
Registered: 31-07-2007

Re: Virus madness

Quote
They all have the same virus and are all for different email addys .



It fakes the from address. It also posts itseflt to usenet. it's going to be a biggy based on the reports so far. doh!

http://www.sophos.com/virusinfo/articles/gibef.html

http://www.sophos.com/virusinfo/analyses/w32gibef.html

Jc.

Moderators note (John) quote BBcode sorted for you
Simon_M
Grafter
Posts: 684
Registered: 05-04-2007

Virus madness

Could yesterday's mail queue problem have something to do with this? Was the queue caused by a sudden increase in mail volume?
N/A

Virus madness

Still getting them at a rate of around 20 - 50 an hour. It's madness.

Doug
N/A

Virus madness

I'm getting 10 an hour.

It's insane.
N/A

Virus madness

My new PB is 48 in 30 minutes

God knows what'll happen in the morning after 12 odd hours of them building up !!

Doug
N/A

Virus madness

I am luckily not seeing the same volumes of mail that Sobig-f produced.

At one stange, I was seeing 3 emails per min with that
N/A

Virus madness

I'm seing peaks like that - I looking at McAffe's definitions, I think Sobig and this one are related. I occasionally get 5 in a minute, or more, then none for a few minutes, then another batch,.

The processor power needed to virus check all these damn things must be almighty

Doug
Ianwild
Grafter
Posts: 3,835
Registered: 05-04-2007

Virus madness

HI Guys,

As we said in the service status postings yesterday, the reasons for yesterdays mail delays were that we are currently processing MUCH more email then we would have expected under normal circumstances. We have done some significant upgrades to the mail platform, simply to ensure that the extra load can be dealt with. Apart from that, there is little we can do in relation to this, although I agree that "Madness" sums it up quite well!

Regards,

Ian
N/A

Virus madness

I'm not sure how easy this would be to impliment, but would it be feasable for users to customize the anti-virus service so as to set it to not bother telling you if you get a virus filled email - or even just email you once every 24 hours with a summary?

I just travelled from Leicester (home) to Wiltshire (about 2 hours?) and had more than 400 new virus email notifications. I wouldnt mind - but it's 28k down here on a crappy bt line !!!!

Doug
N/A

Virus madness

It started slowly with me about 3 days ago and now I'm getting about 30 per hour.
My virus checker is catching them as the Worm.Automat.AHB virus.
If my local checker can get it why can't they be blocked aT PlusNet.

Been with demon on dial up for 5 years with no trouble, joined PlusNet about 2 weeks ago for ADSL and now I get this junk. Sad
Ianwild
Grafter
Posts: 3,835
Registered: 05-04-2007

Virus madness

Hi,

It is an ISPs job to deliver email to the person it is addressed to. Where a Virus is addressed to your mailbox there is not that much we can do about that. Demon don't automatically virus check their customers mail, so I can only imagine that less people had your Demon email address in their address book than now, OR that your PlusNet address has been harvested from a public website or Usenet.

While we do offer a server side Anti-Virus system which customers can subscribe to, this type of system is very resource intensive and would simply fall over if we applied it to all of the email our systems handle. This is always going to be something that costs more to run, although as we improve the solution it may be that it costs less or becomes included on more of our account types.

In regard to the other question, we don't currently have a way to stop the "We have blocked a virus" message being generated, however this option is being built into version 2 of our Virus checking system, which is currently under development. In the mean time, I would recommend Magic Mail Monitor, which can be used to analyse the messages on the server and delete them without having to download them, although I accept this sI not an ideal solution.

With Regards,

Ian
N/A

Virus madness

Thanks for the information.
I have picked up on an earlier posting and just downloaded and installed Mailwasher to try to help.
However this is strange as I haven't had a new email with the virus for the last 20 minutes.
Keeping everything crossed !
N/A

Virus madness

Ian
What port do you supply in MAGIC. It would help if you supplied an example of the line to be typed in.
csogilvie
Grafter
Posts: 5,852
Registered: 04-04-2007

Virus madness

If you are connecting to the POP3 server, mail.plus.net you need to use port 110 the standard pop3 port. (I've not used the program so cant provide an example)