Virus Spammers
mtaber
08-20-2003, 10:04 AM
Has anyone else been getting hit with a flood of virus emails lately? I don't typically get too many of them, but over the past two days, our mail server has been pretty well flooded with them. We use iMail server and I set up some domain processing rules as of yesterday since I'd gotten some 75+ emails, all with virus attachments.
Since yesterday afternoon, that filter has picked up nearly 200 emails with viruses attached to them. So, here I am pushing nearly 300 emails since yesterday afternoon, 95% of which have a virus attached to them, the rest of which are blank. That's not including legitimate email of course, but it seems a bit excessive.
I did read an article just a few minutes ago stating that there have been four email worms released this week that are causing it, and the subjects of the emails match up, so I guess that sort of answered my own question. But how many of you are getting this sort of flood of email?
Mike Wiering
08-20-2003, 10:11 AM
Me too! It started very suddenly yesterday: everything was normal and then I got about 40 of those viruses. I counted at least 700 of them yesterday and probably already over 1,000 today. I use MailWasher and just mark everything for deletion and then try to find any message that might not be a virus (pretty easy if you sort by subject).
Midnight
08-20-2003, 10:12 AM
Yep, it's been a bad week for that.
One of the drawbacks of having demos that point to your website - thousands of people visit your site, it stays in their Temporary Internet Files folder, and many of the newer worms scan those folders for any and all e-mail viruses. I woke up this morning to over 1000 e-mails in my mailbox. A handful of orders, one question from a customer, the rest was garbage. I'm well protected, but even with automatic filtering a lot of stuff gets through - and this volume is simply insane. (I'm just happy I didn't log in at home with my dial up account)
So for the time being I did the rather radical steps of
1. Changing my contact e-mails and sending the old addresses into the trash
2. garbling the e-mail addresses in my html code
3. not making my e-mail addresses clickable
That should do until this flood is over. There are also some javascripts online that put together your e-mail address on the fly.
Now I can go back to my scheduled day.:o
Mike Boeh
08-20-2003, 10:19 AM
SpamAssassin is taking care of the ones emailed to me, about 2000 per day. But I am getting a ton of autoreply messages from people who receive the virus with our support address as the return field.
It's definitely time for a full support ticket system, it has gotten out of hand.
I think this Sobig.f is the worst it's ever been. It expires on Sept 10th, but there will be others after that.
Akura
08-20-2003, 10:27 AM
I didn't get a single one... no one loves me :(
(and I don't even have any spam filters)
Dexterity
08-20-2003, 10:46 AM
It's already made the news:
http://story.news.yahoo.com/news?tmpl=story&cid=569&ncid=738&e=1&u=/nm/20030819/tc_nm/tech_worm_dc
Our server uses MailScanner and SpamAssassin. Consequently, I haven't received a single virus, nor any virus autoreply emails. Our web site is also pretty stingy with email addresses -- initial support requests can only be submitted via a form.
Midnight
08-20-2003, 10:50 AM
About filtering:
How do you filter e-mail with e.g. "Thank You!" subject lines (one of common lines) without getting rid of a customer comment that is actually thanking you.
:confused:
I think in the end a form-based system is the way to go though. Unfortunate - because I hate using them (and always never do).
ggambett
08-20-2003, 11:08 AM
I'm being flooded too, and it's really troublesome since I'm on dialup at home. So, filtering them after they have been downloaded doesn't help much.
I wrote a small python script that deletes the mails from the server, filtering them by subject and size. It checks mail every 120 seconds and deletes or flags suspicious mails. I'll leave it running at work so I don't have huge emails at home.
Download it here http://www.mrio-software.com/mc2.zip
didier
08-20-2003, 11:56 AM
yeah, me too,
always saying "see the attached file for more info"
Jack_Norton
08-20-2003, 11:57 AM
I think that a good way to protect ourselves is to "hide" the email on the website.
You can do it with forms like Steve does, or simply use javascript to "create on the fly" the email. That way spam-harvesters won't be able to get your email from the site.
But that would prevent users with javascript disabled from using your email too :( so maybe the only solution is to use forms...
VaderSB
08-20-2003, 12:16 PM
Got over 200 "virus-enchanted" emails in one day! Damn those spammers! :mad:
gilzu
08-20-2003, 01:44 PM
I get lots of them too, mostly Sobig worm, but to my private email :(
Alan_3DAGames
08-20-2003, 05:04 PM
Originally posted by Akura
I didn't get a single one... no one loves me :(
(and I don't even have any spam filters)
If you want, maybe we could all forward our emails on to you! ;) ... I've got about 250 today to add to your new collection :)
guoly
08-20-2003, 06:03 PM
On my website www.guoly.com, I have five email addresses. I hide four of them in Javascript, that is, the email address is generated on the fly.
OK, the four addresses receive no spam at all, but sales@guoly.com, which is not protected this way, gets more than 40 spams a day.
bernie
08-20-2003, 07:09 PM
Yes it is freaky. But it gave me the final kick to install amavis. Next time I have to replace exim. It is getting too old for this load.
patrox
08-21-2003, 12:01 AM
Same here, a virus every 30 seconds approx.
:(
pat.
svero
08-21-2003, 01:06 AM
I'm getting about 5000 a day to my various addresses. I've taken various steps so they're all filtered out now, but it's been a particularly bad one.
bernie
08-21-2003, 08:28 PM
The other thing that drives me nuts is that spammers started to use bitmap based spams. They just compile a big pixmap, surround it with a few legit sentences and fire it off. They slip through sa with 0.9 or 1.9 points.
It is an utter theft on us dialup users!
Kai-Peter
08-22-2003, 03:18 AM
Originally posted by Dexterity
Our server uses MailScanner and SpamAssassin. <snip>
What scanning engine do you use with MailScanner? What price class was it in? Any advice on choosing the engine?
Dexterity
08-22-2003, 07:49 AM
I originally started out with the free trial of Sophos, but when that expired, the license fee seemed too high (it was around $1500 per year I think), and I realized I didn't so much need a server virus scanner, since it's simpler just to summarily trash all emails with certain attachments (.pif, .exe, .bat, etc). I have an FTP site where people I know can send me EXE or ZIP files, and the only valid files that I receive as attachments are either images or text documents like contracts. If someone emails me an EXE out of the blue, I won't get it, and I prefer it that way.
Regular email has gotten so corrupted by viruses and spam that I feel it's becoming unwise to list an email address on a web site as a primary initial means of contact. Email still works great for direct person-to-person contact though. I think eventually I'll convert this site to have no public email addresses at all (web-based forms only).
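Added example (not part of the original thread, and not Dexterity's actual MailScanner setup): a Python sketch of the "trash by attachment extension" approach described above, which also shows two messages with the same "Thank You!" subject getting different verdicts. The .pif, .exe and .bat entries come from the post; the other extensions, the function names and both sample messages are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# .pif, .exe and .bat come from the post; the remaining entries are assumed additions.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".bat", ".scr", ".com", ".cmd", ".vbs"}


def final_extension(filename):
    """Return the lower-cased last extension, ignoring trailing dots and spaces."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message):
    """List filenames in a raw message whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition first, then Content-Type "name".
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def disposition(raw_message):
    """Decide on attachment names alone, never on the subject line."""
    return "discard" if blocked_attachments(raw_message) else "deliver"


def build_sample(subject, filename):
    """Build a constructed test message (not captured traffic)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "support@example.com"
    msg["Subject"] = subject
    msg.set_content("See the attached file for details.")
    msg.add_attachment(b"constructed payload", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Same subject, different attachment: a double extension versus a plain text file.
WORM_LIKE = build_sample("Thank You!", "details.txt.PIF")
CUSTOMER = build_sample("Thank You!", "contract.txt")

if __name__ == "__main__":
    print(disposition(WORM_LIKE), blocked_attachments(WORM_LIKE))
    print(disposition(CUSTOMER), blocked_attachments(CUSTOMER))
```

Matching on the filename does not look inside archives, so a blocked file wrapped in a ZIP passes this check.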
Kai-Peter
08-25-2003, 12:41 AM
I finally got hit by the wave myself. Luckily SpamAssassin filters almost all viruses into the spam folder but I would like to get the most suspicious cleaned up at the server. What is the exact list of extensions you are filtering for, Steve? (A snippet of your MailScanner config would be appreciated as well..)