Security Basics mailing list archives
RE: Malware detection
From: John Hebert <jhebert () bizdps com>
Date: Wed, 18 Jul 2012 18:26:13 +0000
From: mwamba chishimba [mailto:bamwamba () gmail com]
Sent: Wednesday, July 18, 2012 2:11 PM
To: John Hebert
Cc: security-basics () securityfocus com
Subject: Re: Malware detection

> Hi John,
>
> Am running a Linux-based firewall/gateway (ClearOS) which is also running as email server. Spamhaus has just blocked me because one of my PCs behind the firewall has a Waledac
> spambot. I have about 70 users on the network and picking out who the culprit is will be a daunting task as you can imagine. I've started installing Malwarebytes on all the PCs. In the
> meantime I want Spamhaus to delist me as I pursue the offender. I have installed Wireshark to help me monitor traffic and on my firewall I have blocked all outgoing traffic except for
> http(s). Please advise how else I can prevent spam from leaving my network thereby avoiding being blocked by Spamhaus ever again.
If you change your firewall to block all outgoing SMTP except from the mail server itself, any other computer won't be able to send spam anymore. Once you do that, you'll be able to look at the firewall logs to see which IP is having SMTP connections dropped. Will that prevent you from being blacklisted ever again? Well, technically, if your mail server or one of the accounts on it were to become compromised, it could be used for spam. Short of that, you're good to go. I wrote up a vendor-neutral how-to for Spiceworks a little while ago that might help with your outbound firewall rules: http://community.spiceworks.com/how_to/show/2901 - If anyone has anything to add, let me know and I'll update it.
> Thank you in advance for everybody's help, greatly appreciated!
>
> Kind Regards,
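
One way to do the log review described in the reply above, as an added example that is not part of the original message: it tallies dropped outbound SMTP attempts per internal host from iptables LOG lines and ranks hosts by how many distinct mail servers they tried to reach. The `SMTP-DROP: ` log prefix, the interface names and every address in the sample are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's iptables LOG format. They assume rules such as:
#   iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP-DROP: "
#   iptables -A FORWARD -p tcp --dport 25 -j DROP
# On a gateway that is also the mail server, client PCs cross the FORWARD chain while the
# server's own mail leaves through OUTPUT, so these rules only catch the clients.
SAMPLE_LOG = """\
Jul 18 14:02:11 gw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=203.0.113.25 LEN=60 TTL=127 PROTO=TCP SPT=49211 DPT=25 SYN
Jul 18 14:02:11 gw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.7 LEN=60 TTL=127 PROTO=TCP SPT=49212 DPT=25 SYN
Jul 18 14:02:40 gw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.52 DST=203.0.113.25 LEN=60 TTL=127 PROTO=TCP SPT=51003 DPT=25 SYN
Jul 18 14:02:41 gw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=192.0.2.44 LEN=60 TTL=127 PROTO=TCP SPT=49213 DPT=25 SYN
Jul 18 14:02:42 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.60 DST=192.0.2.9 LEN=52 TTL=127 PROTO=TCP SPT=50100 DPT=445 SYN
Jul 18 14:02:43 gw kernel: SMTP-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.37 DST=198.51.100.7 LEN=60 TTL=127 PROTO=TCP SPT=49214 DPT=25 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs; bare flags such as SYN are skipped

def dropped_smtp_by_host(log_text, prefix="SMTP-DROP: ", ports=("25",)):
    """Return (attempts per source IP, distinct destination count per source IP)."""
    attempts, dests = Counter(), {}
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # some other firewall rule, not the SMTP block
        fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
        src = fields.get("SRC")
        if fields.get("PROTO") != "TCP" or fields.get("DPT") not in ports or not src:
            continue
        attempts[src] += 1
        dests.setdefault(src, set()).add(fields.get("DST"))
    return attempts, {s: len(d) for s, d in dests.items()}

def rank_suspects(log_text, prefix="SMTP-DROP: ", ports=("25",)):
    """Sort hosts so the one contacting the most distinct mail servers comes first."""
    attempts, dests = dropped_smtp_by_host(log_text, prefix, ports)
    return sorted(((s, n, dests[s]) for s, n in attempts.items()),
                  key=lambda r: (-r[2], -r[1]))

if __name__ == "__main__":
    for src, n, distinct in rank_suspects(SAMPLE_LOG):
        print(f"{src}: {n} dropped SMTP attempts to {distinct} distinct servers")
```

A host that fans out to many different destination servers looks like a spambot, while a single repeated destination is more often a mail client configured to bypass the local server.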