Snort mailing list archives

Re[2]: Temporary "solution" to MyDoom worm


From: Fabio Bastiglia Oliva <fboliva () safenetworks com>
Date: Fri, 30 Jan 2004 16:59:10 -0200

Hello Matt,


Yes... I'm using an AV mail scanner, but due to the heavy mail traffic
increased by MyDoom, the CPU usage was extremely high.

hehe... I'm using qmailscanner + clamav :)

After turning these rules on... the CPU usage of my company mail servers
had a decrease of 50%.


Best Regards
________________________
Fabio Bastiglia Oliva
fboliva () safenetworks com


Friday, January 30, 2004, 2:07:07 PM, you wrote:

MK> At 08:41 AM 1/28/2004, Fabio Bastiglia Oliva wrote:
I'm using the MyDoom possible Subjects to detect it... Of course, it's
not 100% accurate, but it's helping my mail servers a lot.

It's necessary to use Flexible Response to make it work.

MK> While using flexresp for this isn't outright invalid, I'd suggest that
MK> there are more accurate and ways to deal with mydoom that you really should
MK> already have set up on your network.

MK> ie: clamav (a free open-source *nix virus scanner)... pair that with a MTA
MK> layer virus scanning tool and configure it to toss all the mydoom (aka SCO)
MK> worms quietly into the trash.

MK> If server load is a problem, then you could use the flexresp solution to
MK> help, but I'd still make sure I had a MTA layer scanner to deal with the
MK> stuff that gets past flexresp.






