[KLUG Members] Worm.SomeFool.P

Green Proc greenproc at charter.net
Wed Sep 21 09:56:32 EDT 2005

Previous message: [KLUG Members] FOUR Dates Still Available In 2005
Next message: [KLUG Members] KLUG Meeting Notes for September 20, 2005 Have Been Posted
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I recently starting using clamav, and upon performing a scan via
'clamscan' Worm.SomeFool.P (synonymous with Kletzky?) was found in my
inbox for an account different than the one I use for this mailing list:

/home/twedad/.mozilla-thunderbird/lkbrdl7n.default/Mail/mail.charter-1.net/Inbox:
Worm.SomeFool.P FOUND

Problem is, I have no way of determining (that I know of) exactly which
email contains the virus.  I would suspect however that it is the only
email in that inbox that is an "undeliverable" message from
rly-yh03.mail.aol.com [172.18.180.67] saying that:

The original message was received at Mon, 19 Sep 2005 16:41:31 -0400 (EDT)
from bdsl.66.14.244.91.gte.net [66.14.244.91]

while talking to air-yh03.mail.aol.com.:

>>>>>> RCPT To:<trongbear71 at aol.com>

<<< 550 MAILBOX NOT FOUND
550 <trongbear71 at aol.com>... User unknown

It appears that this does not affect me, and that an infected machine
forged a message from my mail account to a mail account that did not
exist.  I would however like to have individual mails scanned by clamav,
but it doesn't appear to directly support this.

Is there a way I can get clamav to integrate with a POP client?  Or
would I have to somehow setup my own MTA such as sendmail, postfix, or
exim, integrate my chosen MTA with clamscan, and then use my chosen MTA
as a "relay" between my POP accounts (various ISP's and private) and my
POP client (thunderbird)?

Previous message: [KLUG Members] FOUR Dates Still Available In 2005
Next message: [KLUG Members] KLUG Meeting Notes for September 20, 2005 Have Been Posted
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Members mailing list