Security Basics mailing list archives

RE: Malware detection

From: John Hebert <jhebert () bizdps com>
Date: Wed, 18 Jul 2012 18:26:13 +0000

From: mwamba chishimba [mailto:bamwamba () gmail com] 
Sent: Wednesday, July 18, 2012 2:11 PM
To: John Hebert
Cc: security-basics () securityfocus com
Subject: Re: Malware detection

Hi John,

Am running a linux based firewall/gateway(clearOS) which is also running as email server. Spamhaus has just blocked me 
because one of my PC's behind the firewall has a waledac >spambot. I have about 70 Users on the network and picking 
out who the culprit is will be a daunting task as you can imagine. I've started installing malwareBytes on all the 
PC's. In the >meantime I want spamhaus to delist me as pursue the offender. I have installed wireshark to help me 
monitor traffic and on my firewall I have blocked all outgoing traffic except for >http(s). 

Please advise how else I can prevent spam from leaving my network thereby avoiding being blocked by spamhaus ever 
again.


If you change your firewall to block all outgoing SMTP except from the mail server itself, any other computer won't be 
able to send spam anymore.  Once you do that, you'll be able to look at the firewall logs to see which IP is having 
SMTP connections dropped.

Will that prevent you from being blacklisted ever again?  Well, technically, if your mail server or one of the accounts 
on it were to become compromised, it could be used for spam.  Short of that, you're good to go.

I wrote up a vendor-neutral how-to for Spiceworks a little while ago that might help with your outbound firewall rules:
http://community.spiceworks.com/how_to/show/2901 - If anyone has anything to add, let me know and I'll update it.


Thank you in advance for everybody's help, greatly appreciated!

Kind Regards,



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RE: Malware detection, (continued)
- RE: Malware detection John Hebert (Jul 18)
  - Re: Malware detection Raghav Pande (Jul 18)
    - Re: Malware detection ricky alwi (Jul 18)
    - Re: Malware detection Raghav Pande (Jul 18)
    - RE: Malware detection Mikesch, David A (Jul 18)
    - RE: Malware detection Keith Kooyman (Jul 18)
    - RE: Malware detection Murray, Mike (Jul 18)
    - Re: Malware detection Tony (Jul 18)
  - Re: Malware detection ricky alwi (Jul 18)
    - RE: Malware detection John Hebert (Jul 18)
    - Message not available
    - RE: Malware detection John Hebert (Jul 18)
    - Message not available
    - RE: Malware detection John Hebert (Jul 19)
    - Re: Malware detection Stephanus J Alex Taidri (Jul 23)
    - Re: Malware detection Vic Vandal (Jul 19)
  - Re: Malware detection Tony (Jul 18)
- RE: Malware detection Limanovski, Dimitri (Jul 18)
- Re: Malware detection Jason Hellenthal (Jul 18)
  - Re: Malware detection Tony (Jul 18)
- Re: Re: Malware detection Savvy95 (Jul 19)
  - Re: Malware detection Vic Vandal (Jul 23)
    - Re: Malware detection Jeffrey Walton (Jul 24)

(Thread continues...)