How can Kill Worm.Mydoom.I?Help

[yorry]

I received 16000 piece same mail .header .txt .

Return-Path: <andreas_tjioe@ayn.com.hk>
Received: from stka.com.hk (061092095098.ctinets.com [61.92.95.98])
by mail.stka.com.hk (Postfix) with ESMTP id 6B00963C13A
for <bwe@stka.com.hk>; Thu, 30 Jun 2011 08:55:03 +0800 (HKT)
From: andreas_tjioe@ayn.com.hk
To: bwe@stka.com.hk
Subject: exception
Date: Thu, 30 Jun 2011 08:55:03 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0014_00005D35.000027E1"
X-Priority: 3
X-MSMail-Priority: Normal
Tks

[bibin]

we have also the same problem with Worm.Mydoom.M virus. Got notification mail to all users in our mail server. messages details is as follows:
----------------------------------------------------------------
VIRUS ALERT

Our content checker found
virus: Worm.Mydoom.M

in an email to you from unknown sender:
?@[117.216.79.3]
claiming to be: <>

Content type: Virus
Our internal reference code for your message is 06540-11/kbaJ3crU4mYS

First upstream SMTP client IP address: [117.216.79.3] unknown
According to a 'Received:' trace, the message originated at: [117.216.79.3],
Example.com (unknown [117.216.79.3])

Return-Path: <>
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Message-ID: <20111123085139.915DB9E7A9B@example.com>
Subject: MESSAGE COULD NOT BE DELIVERED
The message has been quarantined as: virus-kbaJ3crU4mYS

Please contact your system administrator for details.
-------------------------------------------------------------------------
also we fond alert mail on our admin account with header attachment.
A virus was found: Worm.Mydoom.M

Scanner detecting a virus: ClamAV-clamd

Content type: Virus
Internal reference code for the message is 07368-02/PRmzQlCAbnHx

First upstream SMTP client IP address: [117.216.79.3] unknown
According to a 'Received:' trace, the message originated at: [117.216.79.3],
example.com (unknown [117.216.79.3])

Return-Path: <>
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Message-ID: <20111123085227.A74C39E7F99@example.com>
Subject: Returned mail: see transcript for details
The message has been quarantined as: virus-PRmzQlCAbnHx

Notification to sender will not be mailed.

The message WAS NOT relayed to:
<anilaavani@xxxx.xxx>:
250 2.7.0 Ok, discarded, id=07368-02 - VIRUS: Worm.Mydoom.M
<ekm.anilkumar@example.com>:
250 2.7.0 Ok, discarded, id=07368-02 - VIRUS: Worm.Mydoom.M

Virus scanner output:
p004: Worm.Mydoom.M FOUND
--------------------------------------------------------------------------
Quarantined the email by the clamAV. Any issues regarding the same and kindly suggest the necessary step to block this mails/ kill the antivirus from our server.
We are using zimbra Release 5.0.2_GA_1975.RHEL5_20080130221917 RHEL5 FOSS edition installed on RHEL 5.2 (i386).antivirus - ClamAV 0.95.1.
help me pls

[phoenix]

Quote:

Originally Posted by bibin

we have also the same problem with Worm.Mydoom.M virus.

I don't actually see where the problem is. Zimbra (the A/V component) found a virus in an email intended for your users and it's been quarantined, where's the problem in that?

[bibin]

lot of notification mail sent on all users the said virus alert.. any changes to be done from the system admin side???

[raj]

Yes you can disable the warning message to users and to admin, following will STILL BLOCK the virus and quarantine it and will not do the 2nd part of sending the warning report to the user/admin.

Quote:

su - zimbra
zmprov mcf zimbraVirusWarnRecipient FALSE
zmprov mcf zimbraVirusWarnAdmin FALSE
zmcontrol stop
zmcontrol start

[bibin]

Thanks Mr. raj. thanks for your support. we have unchecked the "send notification" from AS/AV tab of admin console. it will works fine. Lot of emails blocked with virus attack Worm.Mydoom.M and its quarantined in zimbra/amavisd.XX.X/quarantine folder. We found the log file it seen that lot of mails sent from "exampleB@.com" to many ids *yahoo.com.... etc. Our server is exampleA.com. no idea about such mails.. log is enclosed. At the same time lot of mails differed/active state with sender id "examleB.com. How this happened?? zimbra all services are running. Pls support me....
-------------------------------------------------------------------------------------------------
Nov 23 21:08:33 exampleA amavis[27504]: (27504-14) ...esteban@yahoo.com>,<clarence_foronda@yahoo.com> ,<clarence_freeman1965@yahoo.com>,<clarence_harp@y ahoo.c
om>,<clarence_ice13@yahoo.com>,<clarence_kulit26@y ahoo.com>,<clarence_luther@yahoo.com>,<clarence_ma ui@yahoo.com>,<clarence_mongado@yahoo.com>,<claren ce_pere
go69@yahoo.com>,<clarence_puller@yah...ndez@yahoo.com>,<clarence_victa@yahoo.
com>, Message-ID: <20111123153759.D1D079E4726@exampleA.gov.in>, mail_id: bdlZKjg4RAcq, Hits: 16.326, size: 2166, 318 ms
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) ESMTP::10024 /opt/zimbra/amavisd/tmp/amavis-20111123T210624-27725: <exampleB.com> -> <clarencekalepa@yahoo.
co.uk>,<clarence081850@yahoo.com>,<clarence12002@y ahoo.com>,<clarence1230@yahoo.com>,<clarence17clai re@yahoo.com>,<clarence20001@yahoo.com>,<clarence2 5us@yah
oo.com>,<clarence4397@yahoo.com>,<clarence451@yaho o.com>,<clarence572002@yahoo.com>,<clarencealderso n@yahoo.com>,<clarenceandbev@yahoo.com>,<clarencea pple@ya
hoo.com>,<clarencebarron06@yahoo.com>,<clarencebet ito@yahoo.com>,<clarencebillett1@yahoo.com>,<clare ncebrothers@yahoo.com>,<clarenceburrell@yahoo.com> ,<clare
ncebutler95@yahoo.com>,<clarencechan...miii@yahoo.com>,<clarencecunningh
am46@yahoo.com>,<clarencedahle@yahoo...iley@yahoo.com>,<clarenceedwardsmith2002@yahoo.c
om>,<clarenceels@yahoo.com>,<clarenceevalenegivens @yahoo.com>,<clarencef5@y...
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) ...ahoo.com>,<clarencefisherman@yahoo.com>,<claren cefrancois@yahoo.com>,<clarencehart40823@yahoo.com >,<cla
rencehendricks@yahoo.com>,<clarencej...hn@yahoo.c om>,<cl
arenceleefosterjr@yahoo.com>,<claren...anze@yahoo.com>,<clarencenorman@yahoo.c
om>,<clarencephill@yahoo.com>,<clarencerambau@yaho o.com>,<clarencerankins@yahoo.com> SIZE=2166 Received: from exampleA.gov.in ([127.0.0.1]) by localhost (its
chool.gov.in [127.0.0.1]) (amavisd-new, port 10024) with ESMTP; Wed, 23 Nov 2011 21:08:34 +0530 (IST)
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) Checking: wcJQJxqUzpUf [182.62.201.72] <exampleB.com> -> <clarencekalepa@yahoo.co.uk>,<clarence081850@yah oo
.com>,<clarence12002@yahoo.com>,<clarence1230@yaho o.com>,<clarence17claire@yahoo.com>,<clarence20001 @yahoo.com>,<clarence25us@yahoo.com>,<clarence4397 @yahoo.
com>,<clarence451@yahoo.com>,<clarence572002@yahoo .com>,<clarencealderson@yahoo.com>,<clarenceandbev @yahoo.com>,<clarenceapple@yahoo.com>,<clarencebar ron06@y
ahoo.com>,<clarencebetito@yahoo.com>,<clarencebill ett1@yahoo.com>,<clarencebrothers@yahoo.com>,<clar enceburrell@yahoo.com>,<clarencebutler95@yahoo.com >,<clar
encechaney1962@yahoo.com>,<clarencec...am46@yahoo.com>,<clarencedah
le@yahoo.com>,<clarencedavis5000@yah...ls@yaho o.com>,
<clarenceevalenegivens@yahoo.com>,<clarencef5@yaho o.com>,<clarencefisherman...
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) ...@yahoo.com>,<clarencefrancois@yahoo.com>,<clare ncehart40823@yahoo.com>,<clarencehendricks@yahoo.c om>,<c
larencejade@yahoo.com>,<clarencejj43...jr@yah oo.com>
,<clarencem01@yahoo.com>,<clarencematz@yahoo.com>, <clarencemcgee75@yahoo.com>,<clarencemiranze@yahoo .com>,<clarencenorman@yahoo.com>,<clarencephill@ya hoo.com
>,<clarencerambau@yahoo.com>,<clarencerankins@yaho o.com>
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) cached c081a7577bd31e409cee4855aaa92846 from <exampleB.com> (1,1)
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) Blocked SPAM, [182.62.201.72] [182.62.201.72] <exampleB.com> -> <clarencekalepa@yahoo.co.uk>,<clarence08185
0@yahoo.com>,<clarence12002@yahoo.co...25us@yahoo.com>,<clarence4397
@yahoo.com>,<clarence451@yahoo.com>,<clarence57200 2@yahoo.com>,<clarencealderson@yahoo.com>,<clarenc eandbev@yahoo.com>,<clarenceapple@yahoo.com>,<clar encebar
ron06@yahoo.com>,<clarencebetito@yah...95@ya hoo.com
>,<clarencechaney1962@yahoo.com>,<clarencechiwara@ yahoo.com>,<clarenceclyburn91@yahoo.com>,<clarence crumiii@yahoo.com>,<clarencecunningham46@yahoo.com >,<clar
encedahle@yahoo.com>,<clarencedavis5...2002@yahoo.com>,<clarenceels@yaho
o.com>,<clarenceevalenegivens@yahoo.com>,<clarence f5@yahoo.com>,<clarencefi...
Nov 23 21:08:34 exampleA amavis[27725]: (27725-11) ...sherman@yahoo.com>,<clarencefrancois@yahoo.com> ,<clarencehart40823@yahoo.com>,<clarencehendricks@ yahoo.
com>,<clarencejade@yahoo.com>,<clarencejj43@yahoo. com>,<clarencejr21@yahoo.com>,<clarencekajune@yaho o.com>,<clarencekrohn@yahoo.com>,<clarenceleefoste rjr@yah
oo.com>,<clarencem01@yahoo.com>,<clarencematz@yaho o.com>,<clarencemcgee75@yahoo.com>,<clarencemiranz e@yahoo.com>,<clarencenorman@yahoo.com>,<clarencep hill@ya
hoo.com>,<clarencerambau@yahoo.com>,<clarenceranki ns@yahoo.com>, Message-ID: <20111123153759.D6B9A9E4741@exampleA.gov.in>, mail_id: wcJQJxqUzpUf, Hits: 16.32
6, size: 2166, 313 ms
Nov 23 21:08:36 exampleA saslauthd[8844]: zmauth: authenticating against elected url 'https://exampleA.gov.in:7071/service/admin/soap/' ...
Nov 23 21:08:36 exampleA saslauthd[8844]: auth_zimbra: test auth OK

[yorry]

Dear Mr. raj. thanks for your support.

I received lots of mail :


Would you tell me how can block it?

Thanks

mail name mail delivery system

details.txt content:
Reporting-MTA: dns; mx3-30.sinamail.sina.com.cn
X-Postfix-Queue-ID: 9391A1F7006B
X-Postfix-Sender: rfc822; yao@yufat.com
Arrival-Date: Mon, 28 Nov 2011 17:21:05 +0800 (CST)

Final-Recipient: rfc822; guilins@mail3-32.sinamail.sina.com.cn
Action: failed
Status: 5.2.2
Remote-MTA: dns; 10.55.2.32
Diagnostic-Code: smtp; 522 5.2.2 can not find the user path


undelivered message headers.txt content:

Return-Path: <yao@yufat.com>
Received: from irxd5-186.sinamail.sina.com.cn (unknown [10.55.5.186])
by mx3-30.sinamail.sina.com.cn (Postfix) with ESMTP id 9391A1F7006B
for <guilins@sina.com>; Mon, 28 Nov 2011 17:21:05 +0800 (CST)
X-Sender: yao@yufat.com
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgOsAKov007aZ1UcTXpoAESFA5FTjW6FM4EPGAEBIAsEPII+SQ RGBEEJER0HniCNfAiRAIlIgRoEiB+FA1+WdYFs
X-Spam-flag: YES
Received: from mail.yufat.com ([218.103.85.103])
by irxd5-186.sinamail.sina.com.cn with ESMTP; 28 Nov 2011 17:20:52 +0800
Received: from localhost (localhost [127.0.0.1])
by mail.yufat.com (Postfix) with ESMTP id 58DE41DD016F;
Mon, 28 Nov 2011 17:19:57 +0800 (HKT)
X-Virus-Scanned: amavisd-new at mail.yufat.com
Received: from mail.yufat.com ([127.0.0.1])
by localhost (mail.yufat.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Iv-o-bH24CJC; Mon, 28 Nov 2011 17:19:57 +0800 (HKT)
Received: from EKTWkddxloo (unknown [124.229.32.220])
by mail.yufat.com (Postfix) with ESMTPA id E3ED91DD0169;
Mon, 28 Nov 2011 17:19:55 +0800 (HKT)
From: "Xjfcin" <yao@yufat.com>
To: "guilin-s" <guilin-s@163.com>
Subject:
=?GB2312?B?0vK12sj9t721xNTwyM62+LL6yfrSvcHGt9HTw7X Eo6zE3LfxsajP+jUxZ1U=?=
Message-ID: <201111281722190315974@yufat.com>
Date: Mon, 28 Nov 2011 17:22:19 +0800
X-Mailer: Foxmail 6, 10, 201, 20 [cn]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=zul206_3457_141307377.285071"
X-Priority: 3