#1 YeOldeStonecat (Untangle Ninja), joined Aug 2007, 1,554 posts
Thread: More spam/viruses coming through

    Just a note...since updating our unit to 9.1, replacing Kaspersky with Virus Blocker (new Authentium engine)..and replacing CommTouch spam booster with Spam Booster....since that very day...we've had a substantial increase in spam..notably viruses like those fake "DHL" viruses coming through.

    We are running Virus Blocker along with Virus Blocker Lite (the old clam based one)...each are catching some stuff..so it makes me think it's good to leave them both running...one "might" catch what the other one misses.

    As for the spam part...we're just running the Spam Blocker by itself...not along with the Spam Blocker Lite. The 9.1 presentation you guys gave a few weeks ago hinted at just running Spam Blocker and not both. We used to run BOTH at the same time in prior versions...and each caught some.

    I'm looking at the Virus Blocker...over 20,000 messages passed..and only 3x viruses removed. That "removed" number used to be way way waaaaay higher with Kas.

    I always liked Kaspersky....was quite an effective product.

#2 YeOldeStonecat (Untangle Ninja), joined Aug 2007, 1,554 posts

    Nobody else noticing this?
Over the weekend...some of us at the office had some United Airlines virus spam in our Outlook inboxes....walked right through Untangle. Eset catches it.

#3 sky-knight (Untangle Ninja), joined Apr 2008, Phoenix, AZ, 26,121 posts

    The scam mails with the .zip attached have been going right through my 9.0.2 installation for weeks. I've updated to 9.1.1, I haven't gotten any more since but at the same time that doesn't mean much.

    I have not switched off Kaspersky yet.

    I'm thinking with the upgrade the Bayes learning was wiped?
    Last edited by sky-knight; 01-16-2012 at 11:34 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

#4 raditude (Untangle Ninja), joined Jan 2009, Eugene, OR, 1,143 posts

I do not have the answer, but concur with what is said here: since upgrading to 9.1.x the catch rates have gone down. My thought process was that of sky-knight's, that the Bayes got reset, so I have been trying to give it a few days to get up to speed.

Since one of the offices used OpenDNS, which is a whole other thread, I decided to test it out and swapped to the ISP DNS to see if the catch rate increased... It has been 48 hrs and any increase is negligible at best.

#5 sky-knight (Untangle Ninja), joined Apr 2008, Phoenix, AZ, 26,121 posts

    I just got another DHL spoof mail.

    But as I said, I was getting these things regularly BEFORE the upgrade. So I don't see a reduction in detection here, Untangle hasn't been stopping those mails for me at all.

#6 raditude (Untangle Ninja), joined Jan 2009, Eugene, OR, 1,143 posts

That is weird, as the DHL, UPS, FedEx, etc. usually are all caught by UT for us.

#7 sky-knight (Untangle Ninja), joined Apr 2008, Phoenix, AZ, 26,121 posts

    I've gotten spoofed mail from DHL, UPS, FedEx, Verizon, AT&T, Wells Fargo, Cox Communications, Comcast, and a few other places.

All the same MO: a spoofed official message from that provider, links that go back to said provider's page and are nice and safe. All have a .zip attachment that encloses a single EXE file that is no doubt the payload.

    It's been constant since just before Thanksgiving I think.

#8 raditude (Untangle Ninja), joined Jan 2009, Eugene, OR, 1,143 posts

Yeah, there is no shortage of companies they try to spoof, and the MO is the same in all of them: deliver a .zip attachment with the .exe payload.

However, as stated, I guess we are "lucky" that I see them in the quarantine sometimes, but beyond that I have not seen them in anyone's inbox, or in the quarantine on the Exchange box, or on a desktop.

#9 (Master Untangler), joined Jul 2010, Austria, 185 posts

I run a separate virtual mailgate (MailCleaner OpenSource Edition) which is very good and nice to adjust. Exchange has Symantec virus protection. If an infected mail arrives it is caught by UT. Spam is always marked by UT and MailCleaner. Sometimes UT is more accurate than MailCleaner.
We have a similar situation at a client. UT catches all of the viruses; there is nothing left for Symantec.
So I could not see any changes.
    MIB

#10 (Untanglit), joined Jul 2009, 19 posts

Anyone have a solution to this? These emails have been coming through for a while now and clam doesn't seem to be able to pick them up at all. Although I have told the users not to open these, someone always does.

Would it make sense to just block all .zip attachments with an .exe inside? If a legitimate .zip email arrives then it can be allowed by the admin.
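The rule proposed in the last post (hold any .zip that contains an executable) is easy to implement as a mail-gateway check. The following is an added example written for this thread, not code from Untangle or from anyone posting here. It assumes a standard MIME message as input, uses only the Python standard library, and goes one step beyond the extension check: it also looks at the first two bytes of each archive member for the PE `MZ` header, so an executable renamed to `invoice.pdf` is still flagged, and it treats a corrupt or non-zip payload named `.zip` as suspicious rather than silently passing it. The sample messages and archives are constructed in the script itself.

```python
from __future__ import annotations

import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly; constructed list, extend to taste.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def zip_members_that_look_executable(zip_bytes: bytes) -> list[str]:
    """Return the names of archive entries that are executable by name or by PE header.

    A renamed .exe is caught by the magic-byte check; an unreadable archive is
    reported as a single pseudo-entry so the caller still quarantines it.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            flagged = []
            for info in zf.infolist():
                if info.is_dir():
                    continue
                by_name = info.filename.lower().endswith(EXECUTABLE_SUFFIXES)
                with zf.open(info) as fh:
                    by_magic = fh.read(2) == PE_MAGIC
                if by_name or by_magic:
                    flagged.append(info.filename)
            return flagged
    except zipfile.BadZipFile:
        return ["<corrupt or non-zip payload>"]


def executable_zip_attachments(raw_message: bytes) -> dict[str, list[str]]:
    """Map each .zip attachment filename to the executable entries found inside it.

    An empty dict means the message carries no zip with executable content and
    can be delivered; a non-empty dict is the quarantine reason for an admin.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        members = zip_members_that_look_executable(part.get_payload(decode=True))
        if members:
            findings[filename] = members
    return findings


def make_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used only to construct test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_message(attachment_name: str, zip_bytes: bytes) -> bytes:
    """Construct a message shaped like the shipping-notice lures discussed above (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "noreply@example-courier.test"  # hypothetical sender
    msg["To"] = "user@example.test"
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("Please see the attached delivery notice.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_message("Delivery_Notice.zip", make_zip({"Delivery_Notice.exe": b"MZ\x90\x00fake"}))
    benign = build_sample_message("report.zip", make_zip({"report.pdf": b"%PDF-1.4 fake"}))
    print(executable_zip_attachments(lure))    # {'Delivery_Notice.zip': ['Delivery_Notice.exe']}
    print(executable_zip_attachments(benign))  # {}
```

In a real gateway the non-empty result would be the quarantine reason shown to the admin, which is exactly the "allowed by the admin" release path the post describes; legitimate zips of documents pass untouched because neither the name nor the magic check fires.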
