Summersault Blog

The Sober.P worm, which spreads itself through infected e-mail attachments, seems to be hitting the U.S. fairly hard this week. I just noticed that it started coming into Summersault’s mail servers en masse - at least compared to our normal virus load - earlier this week.

This graph, which is updated on the left side, shows the sudden influx of virus traffic - up to 64 infected messages every 5 minutes, beginning about mid-day Monday.

Of course, one of the resulting joys in my life is that I get to craft fun “track it down” mail log parsing statements, like

grep Sober.P /var/log/clamav/clamd.log | grep hedwig | cut -d’/’ -f6 | tail -2500 | xargs grep -B1 ‘by nollie’ | grep HELO | cut -d’ ‘ -f 6 | sort | uniq -c | sort -rn | head -200


I guess the real joy is all the Summersault clients with mail accounts that aren’t seeing those thousands of viruses come into their inbox.

This entry was posted on Wednesday, May 4th, 2005 at 2:59 pm and is filed under Sysadmin / Hosting. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.