Mail services checking - URGENT
Doug Hardie
bc979 at lafn.org
Mon Sep 8 14:39:03 UTC 2008
On Sep 8, 2008, at 06:04, Jeremy Chadwick wrote:
> On Mon, Sep 08, 2008 at 05:59:54AM -0700, David Southwell wrote:
>> On Monday 08 September 2008 05:19:51 Jeremy Chadwick wrote:
>>> On Mon, Sep 08, 2008 at 05:10:27AM -0700, David Southwell wrote:
>>>> I have had a series of attacks on a system which resulted in a hijack of
>>>> our mail system.
>>>>
>>>> I believe I have now fixed the main problem but I need a tool that will
>>>> reliably, and independently of the mail logs, check my network for all
>>>> outgoing mails and hold them up until I am certain that all
>>>> loopholes have been closed.
>>>>
>>>> Can anyone please let me have some recommendations on the best way of
>>>> going about this
>>>
You might want to look at the clamav port. If there are examples of
the things you would be checking for, you can create your own
signatures for those and clamav will do the monitoring for you. You
can configure it to quarantine messages which have the signature for
manual review. It won't find anything new, it just does a better job
of finding things you have seen before.
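
One way to produce the custom signatures suggested above, as an added example that is not part of the original message. It writes ClamAV body signatures in the `.ndb` format (`Name:TargetType:Offset:HexSignature`, target type 4 for mail files) and checks them offline; the sample strings, messages and signature names are constructed for illustration.

```python
"""Build ClamAV body signatures (.ndb) from strings seen in known-bad mail.

Added example; the sample strings and signature names are constructed.
.ndb line format: Name:TargetType:Offset:HexSignature
  TargetType 4 = mail files, Offset * = match anywhere.
"""
import re

NAME_OK = re.compile(r"^[A-Za-z0-9._-]+$")  # no colons or spaces in names


def ndb_line(name: str, needle: bytes, min_len: int = 8) -> str:
    """Return one .ndb entry matching `needle` anywhere in a mail file."""
    if not NAME_OK.match(name):
        raise ValueError(f"bad signature name: {name!r}")
    if len(needle) < min_len:
        # Very short patterns match legitimate mail and flood the quarantine.
        raise ValueError(f"pattern too short ({len(needle)} bytes)")
    return f"{name}:4:*:{needle.hex()}"


def matches(ndb_entry: str, message: bytes) -> bool:
    """Offline check of a plain-hex entry (no wildcards) against a message."""
    name, target, offset, hexsig = ndb_entry.split(":")[:4]
    if target != "4" or offset != "*":
        raise ValueError("only mail-target, any-offset entries handled here")
    return bytes.fromhex(hexsig) in message


def build_db(seen: dict) -> list:
    """Turn {signature name: byte pattern} into a list of .ndb lines."""
    return [ndb_line(name, needle) for name, needle in seen.items()]


# Constructed samples: one message like those sent during the incident,
# one ordinary message that must not be held.
SEEN = {
    "Local.Hijack.Subject-1": b"Subject: Your account statement 7731",
    "Local.Hijack.Mailer-1": b"X-Mailer: bulkblast 0.9",
}
BAD = b"From: a@example.org\r\nSubject: Your account statement 7731\r\n\r\nhi\r\n"
GOOD = b"From: b@example.org\r\nSubject: ports build failure\r\n\r\nlog attached\r\n"

if __name__ == "__main__":
    db = build_db(SEEN)
    print("\n".join(db))  # save as local.ndb, a custom signature database
    for label, msg in (("bad", BAD), ("good", GOOD)):
        hits = [e.split(":")[0] for e in db if matches(e, msg)]
        print(label, "->", hits or "clean")
```

Run the saved file against stored copies of the messages with `clamscan -d local.ndb` before relying on it, so that a pattern which also matches ordinary mail is caught first.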
More information about the freebsd-ports mailing list