false warning?

In the Exim mainlog, we have this:

Quote:

2012-11-12 17:15:08 1TXr2p-000OiG-Qf H=([172.16.15.37]) [123.30.181.238] F=<email1@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-12 17:15:26 1TXr37-000P3d-2J H=([172.16.15.37]) [123.30.181.238] F=<email2@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-13 17:03:20 1TYDKx-000HC3-MY H=([172.16.15.37]) [123.30.181.238] F=<email1@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-13 17:03:37 1TYDLE-000HIm-Uh H=([172.16.15.37]) [123.30.181.238] F=<email2@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)


Contacted the customer; the IP 123.30.181.238 is not their IP. Also, already asked him to change the passwords of those 2 accounts, but the log entries keep coming back. Wondering if anyone else sees this on their servers?

This log is from a CloudLinux 5 64-bit machine with ClamAV 0.97.6/15574.
Thanks.
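
An added example, not part of the original post: a short Python script that groups Exim `rejected after DATA` lines by connecting IP, so recurring rejections like these can be tied to the remote host rather than to the F= address, which is the envelope sender as supplied by the client. The function names are this example's own, and the sample input is the four lines quoted in the post.

```python
import ipaddress
import re
from collections import defaultdict

# The four mainlog lines quoted in the post above.
SAMPLE_LOG = """\
2012-11-12 17:15:08 1TXr2p-000OiG-Qf H=([172.16.15.37]) [123.30.181.238] F=<email1@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-12 17:15:26 1TXr37-000P3d-2J H=([172.16.15.37]) [123.30.181.238] F=<email2@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-13 17:03:20 1TYDKx-000HC3-MY H=([172.16.15.37]) [123.30.181.238] F=<email1@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
2012-11-13 17:03:37 1TYDLE-000HIm-Uh H=([172.16.15.37]) [123.30.181.238] F=<email2@domain.com> rejected after DATA: This message contains a virus or other harmful content (Worm.Bagle)
"""

# One Exim "rejected after DATA" line: date, time, message id, HELO name,
# connecting IP, envelope sender (F=) and the scanner's signature name.
REJECT_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<msgid>\S+) "
    r"H=(?P<helo>.*?) \[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)? "
    r"F=<(?P<sender>[^>]*)> rejected after DATA: .*\((?P<sig>[^()]+)\)\s*$"
)

def helo_is_private_literal(helo):
    """True when the HELO name is an address literal in a private range."""
    try:
        return ipaddress.ip_address(helo.strip("()[]")).is_private
    except ValueError:
        return False  # an ordinary hostname, not an address literal

def summarize(text):
    """Group rejections by connecting IP; lines of other kinds are skipped."""
    hosts = defaultdict(lambda: {"count": 0, "helo": set(), "senders": set(),
                                 "signatures": set(), "days": set()})
    for line in text.splitlines():
        m = REJECT_RE.match(line.strip())
        if not m:
            continue
        host = hosts[m["ip"]]
        host["count"] += 1
        host["helo"].add(m["helo"].strip("()[]"))
        host["senders"].add(m["sender"])
        host["signatures"].add(m["sig"])
        host["days"].add(m["day"])
    return dict(hosts)

if __name__ == "__main__":
    for ip, h in summarize(SAMPLE_LOG).items():
        private = any(helo_is_private_literal(x) for x in h["helo"])
        print(ip, h["count"], sorted(h["days"]), sorted(h["senders"]),
              sorted(h["signatures"]), "private HELO literal:", private)
```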
