Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: IP address listed in CBL list

  1. #11
    I am also thinking same way that my server is clean bcoz i have tried most of the antivirus scan online. i saw the log file of Norton but there is nothing new, viruses found in spool directory and it has been deleted by the Norton. But it’s nothing new or suspicious.

    Yes Norton scan the mail header and attached file (encrypted also) and can detect, delete those virus under the encryption

    Now the thing is Norton and barracuda (and most of the online scan) can not detect some virus than how come CBL software can detect them….what are the software they are using to detect the virus (it must be more effective than any antivirus available in the market). I tried to know the virus name but CBL person said that we don’t keep history of each server as we have thousands of entry so its hard to give u particular virus name for particular server.

    As u said I can do only one thing, I can send a group mail to my all client to update their network (all pc). And use good antivirus. (I guess this is the last solution)
    one of the great day in my life when i found antionline.com

  2. #12
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK, let us look at what might be done?

    1. I do not believe that it is CBL software that is detecting anything in particular, I think that this is from what has been reported in to them?

    2. You must be very careful about what you say to clients?.............

    "Due to recent developments in the direction that malware is taking, it is becoming apparent that some traditional methodologies are not as effective as they were in the past.

    Given this trend, we strongly recommend that all our most valued clients review the current update status of their software. In particular this should apply to your operating system, and mailing application.

    Whilst we support our clients to the best of our abilities, we are most concerned when we discover that one of you has become infected.

    Naturally, we would immediately and urgently inform you of this situation, but we would sincerely hope that this would never arise in the first place.

    We strongly suggest that you run a firewall that monitors outgoing transmissions, and that you run an up to date antivirus application. This would be best run as an interactive monitor with a regular full scan in safe mode"

    Something like that, perhaps?


  3. #13
    Incredible

    I don’t think so I need to add anything now…I can just copy and paste…..thx nihil
    one of the great day in my life when i found antionline.com

  4. #14
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    Use www.rbls.org , it will check most of the major
    RBL Lists out there.....
    You may be listed in a little used list....
    I use a number of them myself
    http://www.chautauqualake.net/rbl1.shtml

    I hope this helps!
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

  5. #15
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    I don't want to simplify the matter but, is it possible someone is just spoofing your domain and sending emails with viruses attached? Anyone who has a recieved a legit email from your company will know the path that it takes. After that, they can just spoof all the legit server transactions that take place and make it look like the email is originating from within your domain. At some point there would be some determining factor that shows the email didn't originate from within your domain (possibly an extra mail server transaction of an open SMTP server) It's too bad we don't have the offending email (the one with a virus attached) so we could check out the header info.
    This could explain why your network appears clean but keeps getting black listed. Just a thought.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #16
    Currently my IP is not blacklisted of any org site (as per multi-rbl scan)

    As nihil said CBL doesn’t have any software to detect virus than who reported for the virus. Can we get the details of that site or the software? Because I am curious to know abut that virus which had been found in my server. I tried to get details from CBL but they don’t keep all records.

    Okay now if I report to the CBL that I am getting virus from xxxx IP (or spam) what they do after getting my report. They must have something to cross check. Otherwise anybody can do wrong report and can blacklist someone’s IP.

    What is the best solution for this problem??? Does it make any different if I go for secure mail server ( Imail 2006 ) currently I am using a bit old version of Imail. or should I go for gateway base firewall ( antispam, antivirus)
    one of the great day in my life when i found antionline.com

  7. #17
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    MMmmm.......I think I am asking a childish question from experts but Google didn't help me much...it threw everything but not what I wanted....can someone here please tell me what exactly CBL and RBL stand for so that I start finding about this thing???

    Thanks a ton.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    CBL is "Composite Blocking List" It is a blacklist of compromised or misbehaving servers. More information is here: http://cbl.abuseat.org/

    RBL stands for "Realtime Black List" there are lots of them.............please look here:

    http://www.chautauqualake.net/rbl1.shtml

    So, CBL is a particular blacklist whilst RBL is a generic term for them.

  9. #19
    Junior Member
    Join Date
    Aug 2002
    Posts
    25
    We had the same problem with "Spam Cannibal" No idea why we were there, but they removed us per our request. After the update, it took one full week before all issues stopped.
    -Producer

  10. #20
    Member
    Join Date
    Jan 2002
    Posts
    30
    Just a little FYI: do a google search on Barracuda and open-relay. Its a little known fact that it can and will allow open relay. remove the the "allow" domain areas and such. go to some of the links and they will help you. we had similiar problem. did all kinds of test on our two mail servers and showed up as no problem. finally found answers on google search.
    my stove is hooked to the internet?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •