In the exim mainlog, we have this
Contacted customer, the IP 123.30.181.238 is not their IP. Also, asked him to change password of those 2 accounts already, but the log keeps coming back. Wondering if someone else sees this on your servers?
This log is from a CloudLinux 5 - 64bits machine with ClamAV 0.97.6/15574.
Thanks.
2012-11-12 17:15:08 1TXr2p-000OiG-Qf H=([172.16.15.37]) [123.30.181.238] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-12 17:15:26 1TXr37-000P3d-2J H=([172.16.15.37]) [123.30.181.238] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-13 17:03:20 1TYDKx-000HC3-MY H=([172.16.15.37]) [123.30.181.238] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-13 17:03:37 1TYDLE-000HIm-Uh H=([172.16.15.37]) [123.30.181.238] F=<[email protected]> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
Contacted customer, the IP 123.30.181.238 is not their IP. Also, asked him to change password of those 2 accounts already, but the log keeps coming back. Wondering if someone else sees this on your servers?
This log is from a CloudLinux 5 - 64bits machine with ClamAV 0.97.6/15574.
Thanks.