Date: Mon, 8 Sep 2008 07:14:00 -0700
From: Doug Hardie <bc979@lafn.org>
To: David Southwell <david@vizion2000.net>, FreeBSD-PORTS <freebsd-ports@freebsd.org>
Subject: Re: Mail services checking - URGENT
Message-ID: <E208B342-871C-49E1-8267-C27256205FFC@lafn.org>
In-Reply-To: <20080908130424.GA68754@icarus.home.lan>
References: <200809080510.27779.david@vizion2000.net> <20080908121951.GB67339@icarus.home.lan> <200809080559.54658.david@vizion2000.net> <20080908130424.GA68754@icarus.home.lan>
On Sep 8, 2008, at 06:04, Jeremy Chadwick wrote:

> On Mon, Sep 08, 2008 at 05:59:54AM -0700, David Southwell wrote:
>> On Monday 08 September 2008 05:19:51 Jeremy Chadwick wrote:
>>> On Mon, Sep 08, 2008 at 05:10:27AM -0700, David Southwell wrote:
>>>> I have had a series of attacks on a system which resulted in a
>>>> hijack of our mail system.
>>>>
>>>> I believe I have now fixed the main problem but I need a tool that will
>>>> reliably, and independently of the mail logs, check my network for all
>>>> outgoing mails and hold them up until I am certain that all
>>>> loopholes have been closed.
>>>>
>>>> Can anyone please let me have some recommendations on the best way of
>>>> going about this
>>>
>>> You might want to look at the clamav port.

If there are examples of the things you would be checking for, you can create your own signatures for those and clamav will do the monitoring for you. You can configure it to quarantine messages which have the signature for manual review. It won't find anything new, it just does a better job of finding things you have seen before.
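The suggestion above, building ClamAV signatures from messages you have already seen and holding anything that matches for manual review, worked through as an added example. This is not code from the thread or from the ClamAV project: it writes signatures in ClamAV's documented `.ndb` line format (`Name:TargetType:Offset:HexSignature`) and then applies them with a small byte-search matcher that stands in for `clamd` so the whole thing runs offline. The signature names, the "known bad" samples and the two outgoing messages are constructed for the example.

```python
"""Build ClamAV-style .ndb signatures from known-bad samples and decide
whether an outgoing message should be held for review.

Added example; the .ndb layout is ClamAV's custom-signature format, the
samples and names below are constructed, and the matcher only emulates
the exact-byte subset of what clamd does.
"""
import re

ANY_TARGET = "0"   # ClamAV target type 0: any file type
ANY_OFFSET = "*"   # offset '*': the pattern may appear anywhere in the file


def make_ndb_signature(name: str, sample) -> str:
    """Return one .ndb line for a known-bad sample (str or bytes).

    ClamAV wants the body as lowercase hex; this is the same encoding
    `sigtool --hex-dump` produces.
    """
    if isinstance(sample, str):
        sample = sample.encode("utf-8")
    if not sample:
        raise ValueError("empty sample")
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):
        raise ValueError("signature name must match [A-Za-z0-9_.-]+")
    return f"{name}:{ANY_TARGET}:{ANY_OFFSET}:{sample.hex()}"


def parse_ndb(text: str):
    """Parse .ndb text into (name, pattern_bytes) pairs.

    Blank lines and '#' comments are skipped. Bodies using ClamAV wildcard
    syntax are rejected because this simplified matcher cannot honour them.
    """
    sigs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed .ndb line: {line!r}")
        name, hexsig = parts[0], parts[3]
        if any(c in hexsig for c in "?*{(|"):
            raise ValueError(f"{name}: wildcard bodies are not handled here")
        sigs.append((name, bytes.fromhex(hexsig)))
    return sigs


def scan_message(raw_message: bytes, sigs):
    """Names of every signature whose bytes occur in the message."""
    return [name for name, pattern in sigs if pattern in raw_message]


def route_outgoing(raw_message: bytes, sigs):
    """('quarantine', hits) when any signature fires, else ('deliver', [])."""
    hits = scan_message(raw_message, sigs)
    return ("quarantine", hits) if hits else ("deliver", [])


# Constructed "things we have seen before": a subject line and a URL taken
# from messages the relay was observed sending during the incident.
KNOWN_BAD_SAMPLES = {
    "Local.Spam.Subject1": "Subject: Your account has been selected",
    "Local.Spam.Url1": b"http://example.invalid/cgi-bin/offer",
}

# Constructed outgoing messages to run through the signature set.
OUTGOING_SAMPLES = {
    "legit": (b"From: alice@example.invalid\r\nSubject: meeting notes\r\n"
              b"\r\nSee attached.\r\n"),
    "relay_abuse": (b"From: bob@example.invalid\r\n"
                    b"Subject: Your account has been selected\r\n\r\n"
                    b"Visit http://example.invalid/cgi-bin/offer now\r\n"),
}


def build_signature_db() -> str:
    """The .ndb file contents for every constructed sample."""
    lines = [make_ndb_signature(n, s) for n, s in KNOWN_BAD_SAMPLES.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    db = build_signature_db()
    print("local.ndb:\n" + db)
    signatures = parse_ndb(db)
    for label, msg in OUTGOING_SAMPLES.items():
        print(label, "->", route_outgoing(msg, signatures))
```

With a real ClamAV installation the output of `build_signature_db()` is what you would save as a `.ndb` file in the signature database directory; `clamscan --move=DIR` then moves matching files into a quarantine directory for the manual review the message describes. As the reply says, this only catches what you have already seen, so the sample set needs to be refreshed as new abuse is observed.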