How to sent up a "send to spam" automator flow

I've never got my head around automator but think it might be able to do this:
When I get a spam email, I send it on to my spam filter system (mailfoundry, in my case). At the moment, I click "forward", enter the email address, & click send.
Is there a way I can set up a button on mail so that I click just the once & that happens?
Thanks in advance
C

Hi Morgan,
what you also need to do is to assign this derived flow to Business partner. So, please run BP, select your Business partner, for whom this Derived flow is applicable, also choose required Company code and you see then a tab 'SI: Derived flows'. Here you specify for what Product type/ Transaction type this Derivation rule/ procedure is applicable.
Hope this will help you.
Rgds,
Renatas

Similar Messages

My e-mail account is sending out spam mails; how can i delete the virus?

My e.mail account is sending out spam mails; I have got a spam virus probably during download of my e.mails over the i phone. How can i detect and delete the virus?

You do not have a virus on your Mac or iPhone.
An AOL account is accessed as an IMAP account with the Mail app or email client on your Mac, and with the iPhone's Mail app. The sent spam messages being available in the account's Sent mailbox means your AOL account has been compromised.
Change the password for your AOL email account.

In Mail where can i find my sent emails? How do I open this send box?

In Mail how do I open the send box? I need to find and forward my sent emails.

If you hold the iPad in landscape orientation you should see your email account id (or Mailboxes if you only have one email account set up on the iPad) shown top left. Tap on your account id (or Mailboxes), and then tap on Sent to show your Sent emails. You should then be able to select an email and Reply/Reply All/Forward/Print them via the arrow icon top right.

I have a virus - or something - where everyday someone is sending a spam email out to everyone on my mail list - how do i get it to stop?

i have a virus - or something where someone is getting into my mail and sending out spam email to everyone on my mail list - people who i hardly even know. how do i get this to stop?
thanks.

this is the message that is going out:
Subject: (no subject)
http://sharedimage.net/httq59foldroot2.php?subpage234
Make seri0us m0ney 0nline
Gone to see a friend is all right, but I wont have my love given tothem. marcylyn aethelwine
Mon, 2 Apr 2012 18:04:48
This mail has originated outside your organization, either from an external partner or the Global Internet.
Keep this in mind if you answer this message.
it is not going to my address book because a lot of these people are not in there. it is going to people that i emailed from years ago....and it IS connected to either my me.com email or a cox.net email - these are both connected. i'll try the password change on both of these mail accounts and see if that works. a lot of these people are getting three and four emails every day....

How do I save "Sent" messages when sending from the ipad

How do I save "Sent" messages when sending from the ipad2?

By default sent items should be saved in your Sent folder. For IMAP type accounts you should be able to change that by selecting the account in Settings > Mail, Contacts, Calendars , then selecting 'Account' on the popup for it and then 'Advanced' at the bottom of the next popup

Setting the 'Return-Path' of emails sent using the send email behaviour

Hi,
How do I set the 'Return-Path' of emails sent using the send email behaviour? I am having troubles because the emails sent from my page are being filtered out as spam when they should be coming through. the text is the following (it is the notification of an e-card to the recipient):
Dear Bart
We've decided this year to share our holiday greetings while also showing our commitment to protect the planet. Since it takes 24 mature trees to
produce one ton of greeting cards, this e-card shares our holiday wishes with both you and future generations.
Please follow the link below.
Best Wishes,
John
http://www.jdgcsfiles.com/_ecards/viewcard.php?ID_cnt=297
I suspect that it has something to do with the return path setting.
Can anyone help me on this one and get it through the spam filters of most email clients?!
Thanks,
NIk

Hi Nik,
so far the only "flagged as spam" reason I know of is, that ADDT curreently misses to insert the current date/time -- please try the fix mentioned in the thread http://www.adobeforums.com/webx/.3c034953/5 and see if it helps
Cheers,
Günter Schenk
Adobe Community Expert, Dreamweaver

GWIA sending out SPAM

we recently cam under attack from a spammer who's using our system to relay SPAM messages. I have not figured out of they're doing some sort of smtp hacking, or using a groupwise username/password to gain access. I did see an Ip address in the SPAM server log "208.98.175.242" which is also in a blacklist. The sender isn't using our domain to send the spam, they've been using "[email protected]" as the sender address. how do I go about blocking any connections from that IP address???
GroupWise 8.0.2
M+ Guardian SPAM filter

You can set GWIA to only allow specific IP addresses or ranges to relay through it.
The only reason you might want GWIA to serve as an internal relay is for non-GroupWise messages. Things from scanners, pages and text messages from monitoring systems, etc. In this case you would want to set Allow addresses in GWIA to limit its use to internal senders only.
Another option (better, I think, and how we do it) is to setup a Windows VM with IIS and SMTP installed. Use this box as a relay for non-GroupWise messages. This keeps outgoing things out of the GroupWise stream and provides a separate path for important notices from your monitoring systems. You can also bring one down for maintenance and it wont affect the other.
If you are using an external email host that forwards mail to your GWIA then you should set an Allow address to that host specifically. You'll find this option under Access Control...SMTP Relay Settings of GWIA properties.
>>> Bob-O-Rama<[email protected]> 9/13/2012 9:26 PM >>>
Call your spam filter vendor... they should have an opinion.
Ensure the GWIA is *configured to prevent relaying * There is no
reason the GWIA should be relaying even for internal users.
You can, of course, review the GWIA logs, and relaying will be pretty
apparent.
If the messages are being sent from a bogus / external account, its
relaying.
If the messages are sent from some local GW user, then there is a
compromised account. The user agent will also indicate this. We have
seen webaccess
exploited to send messages when the user has disclosed their password.
-- Bob
Bob Mahar -- Novell Knowledge Partner
Do you do what you do at a .EDU? http://novell.com/ttp
"Programming is like teaching a jellyfish to build a house."
More Bob: 'Twitter' (http://twitter.com/BobMahar) 'Blog'
(http://blog.trafficshaper.com) 'Vimeo' (http://vimeo.com/boborama) <--
Click And Be Amazed!
Bob-O-Rama's Profile: http://forums.novell.com/member.php?userid=5269
View this thread: http://forums.novell.com/showthread.php?t=459925

How many mails i can send at a time per day using APEX mail system?

HI,
I am working on application, when i have written a process to send mail, i have a project where i have to send mail at a time for all the email id's
given list there are upto 5000 email id's where text body also include certain set of data from a report. thinking at a time 3000 its difficult i divided
it region wise, but still each region have 2000 odd email id's. during testing when i run the process just 950 mails i could send then i got a error
saying "ORA-20001: You have exceeded the maximum number of email messages per workspace. Please contact your administrator." so please
can any one help me to know How many mails i can send at a time per day using APEX mail system?
Thanks in advance
Gowthami

Hi jfosteroracle,
You are getting the error may be the following reason,
Check the following,
Login as ADMIN and Goto -->Manage Instance-->Instance Settings--> Mail-->Maximum Emails per workspace
Actually this number denotes the Number of mails can be sent per 24 hour for the workspace,It may exceeded.
It may be the reason.
Thank you.
Regards,
Gurujothi
Edited by: Gurujothi on Jun 27, 2012 5:54 AM

Exchange 2010 "This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80004005-00000000-00000000].

Exchange 2010 "This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80004005-00000000-00000000].
In a mixed client environment, mostly Outlook 2010 & 2013 clients. Only Outlook 2013 clients (about only 4 mailboxes) are receiving this error immediately after sending an email. My temp band-aid at the
moment is to: from the client, go into the "address book" & select a different address book like "Contacts" & then select the address again & select the Global Address List, which is the default. (it will have the users email
+ at the beginning of the field, it reads, Global Address List - (email of the user), then I close Outlook & open it back up, & the problem is solved. But on some mailboxes, not all, the issue comes back. From my research, I know that our individual
mailboxes do not send out over 500 emails in one day. Most users will send out maybe 20 or 30 in one day, so I don't think it's that.
But I'm not sure if this is related, but I have noticed that the log files for the Exchange 2010 seems to only hold logs with date stamps of only a couple of days. It used to hold log files indefinitely until they were archived, deleted, etc. So, this is
a new, unusual issue I have seen as well.
We have 2 .edb's, one active: 78 GB's and one disabled at 7 GB's. Exchange 2010 is running on Windows Server 2008 r2, Enterprise Ed. We have had Exchange 2010 running now for about almost 2 years now and this is the first time this particular issue has come
up.
Thanks.

Hi,
You can refer to the following steps to rebuild an Offline Address Book.
1. Open EMS. Update OAB using the Update-OfflineAddressbook "offline address book" cmdlet. Restart Background Intelligent Transfer Service on the Mailbox server.
2. Initiate OAB replication from mail box server to CAS server. Execute for each CAS server using the Update-FileDistributionService "CASServerName" cmdlet.
3. Start Outlook and download OAB.
What's more, here is an article for your reference.
How to Quickly Rebuild an Exchange 2010 Offline Address Book
http://social.technet.microsoft.com/wiki/contents/articles/7725.how-to-quickly-rebuild-an-exchange-2010-offline-address-book.aspx
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support

How do you get the sender and receiver pics to show up in iMessage

How do you get the sender and receiver pics to show up in iMessage

'''If this is a new Pop mail account''',
Those folders do not appear until you have actually Sent or saved a Draft email.
check settings:
Tools > Account Settings > Copies & Folders
* select: 'place a copy in'
* select: 'Sent' folder on the mail account
For Archive
* select 'keep message archives in:'
* choose ' 'Archives' folder on mail account
For Drafts and Templates
* choose 'Drafts' folder on mail account
* choose 'Templates' folder on mail account
* click on OK
'''If you have an IMAP mail account''',
you need to make sure you have selected to subscribe to see those folders.
Then make sure your settings use those folders.
Tools > Account Settings > Copies & Folders
* select: 'place a copy in'
* select: 'Other' and choose the sent folder on the server mail account
* If you want all Archive, Drafts and Templates to also be saved to the server folders, choose 'Other' and the respective folder on the server mail account.
* Click on OK to save changes.
More info on synchronising:
* https://support.mozilla.org/en-US/kb/imap-synchronization
Info on IMAP gmail:
* https://support.mozilla.org/en-US/kb/thunderbird-and-gmail
I note that you are using a gmail mail account. Please note that the gmail 'All Mail' folder is gmails archive copy of all of your emails, so if you subscribe to see this folder it will double the amount of space used. It is suggested that you do not subscribe to see this folder.
Read section under 'All Mail':
* http://kb.mozillazine.org/Using_Gmail_with_Thunderbird_and_Mozilla_Suite

I send out invoices via a package. This creates 300 open emails which requires individual sending. How am I able to send without opening each message?

I send out monthly invoices and statements via an accounting package (as attachments). This creates 300+ open emails which requires that I switch to each open email and click send. How am I able to send without entering each message and pressing the send button?

Thunderbird simply does not support the sending of mail from Third party applications. only the creation. This is a security feature that stops a virus spamming your address book.
If you want automation, use windows live mail.

How can I receive a "send receipt" for email I send?

How can I receive a "send receipt" when I send email?

You'll essentially get a "Send Receipt" immediately after sending as the message will appear in your Sent mailbox.
If you are looking for a "read reciept," It is pretty much not supported by Mail. You can set up a header for all outgoing email which will attempt to intrude on your recipients' privacy, but it will be for all emails.
Also, many email clients will not respond to a read receipt, including Mail. Even if they will respond to a read receipt, the default setting is uaually to ask the user prior to sending. So, there is no guarantee you will ever get a read receipt.
I have no idea if this still works: http://email.about.com/od/macosxmailtips/qt/et_request_recp.htm
If it is really that important to you, add a sentence to your signature explaining the great necessity that you need to invade your recipient's privacy and that they need to respond immediately to let you know they've read your email.

How to sent/recieve simple USB commands?

Hello,
Before I start. I've been reading om the internet (USB tutorials, nuggets, etc.) for the last 2 days to get this,
but it is really confusing and I still have no idea how to do this. So I'm asking for your help.
I setup a custom USB device in MAX.
I need to sent this command: 0x2 M 1 0x3
Were 0x2 defines the start and 0x3 defines the end of the command.
I think I have to use a control transfer, but I do not understand what to use at the Index, Value, Request Value,
Request and Length inputs. I also do not understand how to sent Hex, Dec and ASCII at the same time.
Do I need to convert these values?
I would really appreciate some example code. Can I use the VISA commands?
Kudos will be given, thank you in advance
The Enrichment Center is required to remind you that you will be baked, and then there will be cake.
Solved!
Go to Solution.

Heinen wrote:
I need to sent this command: 0x2 M 1 0x3
I also do not understand how to sent Hex, Dec and ASCII at the same time.
Do I need to convert these values?
I am not sure about the Index, Value, Request Value,
But about sending your comand....
I assume the space before the "M" and the space after the "1" is not needed,
but the space between the "M" and the "1" is needed
Omar

How to know the mail send by outlook or owa ?

how to know the mail send by outlook or owa ?
Please click the Mark as Answer button if a post solves your problem!

Hi Eric,
I think there is no possible way to check if the mail is sent was from Outlook or OWA.
Regards.
Naren Neelam, Messaging Consultant, ITBigBang (P) Ltd Www.ITBigBang.Com | Hire Us for Messaging Consulting
It actually is possible for an admin to tell if a message was sent from Outlook or OWA by looking at the MessageTracking and the information in
SourceContext. MOMT is Outlook and the other two speaks for them self.
Get-MessageTrackingLog -Start 2014-05-12 -Sender
[email protected] -EventId submit | fl Sender,sourceContext
Sender        :
[email protected]
SourceContext : MDB:995793b8-2c2c-4a14-b617-3e54371179ec, Mailbox:5e29199f-b877-46ed-b985-f2ede9bad293, Event:8351505, MessageClass:IPM.Note, CreationTime:2014-05-12T16:41:29.038Z, ClientType:MOMT
Sender        :
[email protected]
SourceContext : MDB:995793b8-2c2c-4a14-b617-3e54371179ec, Mailbox:5e29199f-b877-46ed-b985-f2ede9bad293, Event:8351552,MessageClass:IPM.Note, CreationTime:2014-05-12T16:44:52.039Z, ClientType:OWA
Sender        :
[email protected]
SourceContext : MDB:995793b8-2c2c-4a14-b617-3e54371179ec, Mailbox:5e29199f-b877-46ed-b985-f2ede9bad293, Event:8351611,MessageClass:IPM.Note, CreationTime:2014-05-12T16:46:25.772Z, ClientType:AirSync
Martina Miskovic

OSX server sending out "spam?"

I'm a student at a technical college and am working part time for the Mac admin guy. We have about 400 macs in the art dept. Yesterday our sysadmin said our server was sending out spam.
This server is not running mail but here are a couple of excerpts from our mail.log:
Aug 7 06:40:38 servername postfix/pickup[14340]: 547BE6B7AB8: uid=1032 from=<image>
Aug 7 06:40:38 servername postfix/cleanup[14552]: 547BE6B7AB8: message-id=<20070807114037.547BE6B7AB8@servername>
Aug 7 06:40:38 servername postfix/qmgr[14556]: 547BE6B7AB8: from=<[email protected]>, size=1675, nrcpt=1 (queue active)
Aug 7 06:40:45 servername postfix/smtp[14557]: 547BE6B7AB8: host g.mx.mail.yahoo.com[206.190.53.191] said: 421 Message temporarily deferred - 4.16.51. Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html (in reply to end of DATA command)
Aug 7 06:40:45 servername postfix/smtp[14557]: 547BE6B7AB8: to=<[email protected]>, relay=d.mx.mail.yahoo.com[216.39.53.2], delay=8, status=sent (250 ok dirdel)
Aug 7 06:40:45 servername postfix/qmgr[14556]: 547BE6B7AB8: removed
Aug 7 06:44:23 servername postfix/pickup[14340]: C0F876B7AC2: uid=1032 from=<image>
Aug 7 06:44:23 servername postfix/cleanup[14600]: C0F876B7AC2:message-id=<20070807114423.C0F876B7AC2@servername>
Aug 7 06:44:23 servername postfix/qmgr[14556]: C0F876B7AC2: from=<[email protected]>, size=1626, nrcpt=1 (queue active)
Aug 7 06:44:23 servername postfix/pickup[14340]: C8D2C6B7AC4: uid=1032 from=<image>
Aug 7 06:44:23 servername postfix/cleanup[14600]: C8D2C6B7AC4: message-id=<20070807114423.C8D2C6B7AC4@servername>
Aug 7 06:44:23 servername postfix/pickup[14340]: CEC0B6B7AC6: uid=1032 from=<image>
Aug 7 06:44:23 servername postfix/cleanup[14600]: CEC0B6B7AC6:message-id=<20070807114423.CEC0B6B7AC6@servername>
Aug 7 06:44:23 servername postfix/qmgr[14556]: C0F876B7AC2: to=<[email protected]>, relay=none, delay=0, status=bounced (invalid recipient syntax: "[email protected]")
Aug 7 06:44:23 servername postfix/qmgr[14556]: C8D2C6B7AC4: from=<[email protected]>, size=1624, nrcpt=1 (queue active)
Aug 7 06:44:23 servername postfix/cleanup[14600]: DA8706B7AC9: message-id=<20070807114423.DA8706B7AC9@servername>
and
Aug 8 10:11:57 servername postfix/qmgr2338: DADE98C3EB9: to=<[email protected]>, relay=none, delay=14040, status=deferred (delivery temporarily suspended: host ironport1.chron.comhttp://130.80.29.15 refused to talk to me: 554 ironport1.chron.com)
Aug 8 10:11:57 servername postfix/qmgr2338: E89098C1C03: to=<[email protected]>, relay=none, delay=14082, status=deferred (delivery temporarily suspended: host ironport1.chron.comhttp://130.80.29.15 refused to talk to me: 554 ironport1.chron.com)
Aug 8 10:11:57 servername postfix/qmgr2338: EEE378C2CB3: to=<[email protected]>, relay=none, delay=14231, status=deferred (delivery temporarily suspended: host ironport1.chron.comhttp://130.80.29.15 refused to talk to me: 554 ironport1.chron.com)
Aug 8 10:11:57 servername postfix/smtp13748: 2C26E8979B3: to=<[email protected]>, relay=mx-nj-2.pobox.comhttp://208.210.124.72, delay=39263, status=deferred (host mx-nj-2.pobox.comhttp://208.210.124.72 said: 450 <[email protected]>: Sender address rejected: Domain not found (in reply to RCPT TO command))
Aug 8 10:11:57 servername postfix/smtp13748: 2BC7D8C61AC: to=<[email protected]>, relay=mail.cyberscope.nethttp://64.95.223.22, delay=13796, status=deferred (host mail.cyberscope.nethttp://64.95.223.22 said: 451 unable to accept non-FQDN HELO (#4.3.0) (in reply to MAIL FROM command))
Aug 8 10:11:57 servername postfix/smtp13748: connect to cluster9.us.messagelabs.comhttp://216.82.253.115: Connection refused (port 25)
Aug 8 10:11:57 servername postfix/smtp13748: connect to cluster9.us.messagelabs.comhttp://216.82.250.99: Connection refused (port 25)
Aug 8 10:11:57 servername postfix/smtp13748: connect to cluster9.us.messagelabs.comhttp://216.82.250.115: Connection refused (port 25)
We set up VirusBarrier and scanned the server. This is a copy of our console.log:
Mac OS X Version 10.4.9 (Build 8P135)
2007-08-08 10:20:50 -0500
2007-08-08 10:20:55.538 SystemUIServer486 lang is:en
Aug 8 10:22:39 servername authexec: executing /Library/Intego/netupdated.bundle/Contents/Resources/NetUpdate Installer.app/Contents/MacOS/NetUpdate Installer
Aug 8 10:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 10:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/kupdateb
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
virus OSX.PsyBot.232 found in file: /Volumes/Startup OS X/private/var/tmp/psybnc/psybnc
Aug 8 11:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 11:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/kupdateb
virus OSX.Botch.Gen found in file: /Volumes/Startup OS X/private/var/tmp/ /mech/src/mech
<CFURL 0x62bd440 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
Finder tool: request to change uid to 501 gid to -1 for /private/tmp/vbx4smail_6v97Qz
virus Resource structure error found in file: /Volumes/Image Backup Drive/Old Labs Images/345 iMacs/Macintosh HD/System Folder/Help/HP LaserJet Printer Help/Help/Graphics/printer_word.JPG
Aug 8 11:49:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 11:49:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/flahsbathtub/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/animations/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/contact/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/photomontage/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/illustrations/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/images/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/WS_FTP.LOG
virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
Aug 8 12:19:43 servername servermgrd: servermgr_dns: no name available via DNS for our IP addy
Aug 8 12:19:43 servername servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
<CFURL 0x5004b0 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
<CFURL 0x3a5c30 0xa07bc150>{type = 15, string = file://localhost/Library/Contextual%20Menu%20Items/PortfolioCM.plugin/, base = (null)}
Aug 8 12:26:21 servername ARDAgent 320: no multicast
virus Resource structure error found in file: /Volumes/Image Backup Drive/.Trashes/501/printer_word.JPG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-37.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-41.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-08-45.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-01.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-15.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP 12-09-22.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/.Trashes/501/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/greennotes/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/madisonframes/ARTWORK/WS_FTP.LOG
virus Resource error : data offset > Res. map offset found in file: /Volumes/Image Backup Drive/Old Labs Images/Portfolio/Mac HD/Desktop Folder/Portfolios/SMVandre/websites/makingcrepes/crepesjpeg/WS_FTP.LOG
Aug 8 12:29:49 servername cyrus-quota1693: DBERROR: reading /var/imap/db/skipstamp, assuming the worst: No such file or directory
at which point we rebooted.
So we have changed all are passwords, are reimaging everything and had the sysadmin block all outgoing messages on port 25. In addition we have sent copies of the logs to Intego.
That all happened Wednesday. Unfortunately this mornings system log had:
Aug 10 02:58:45 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.blan/.bot/rom by OSX.Botch.302
Aug 10 02:59:08 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.ou/.bot/ru by OSX.Botch.302
Aug 10 02:59:28 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/ /.bot/darwin by OSX.Botch.302
Aug 10 02:59:49 servername VirusBarrierServer[461]: File infected: /private/var/tmp/.tmp/.bot/crond by OSX.Botch.302
I know that this is an incredibly vague question but what would you suggest I do now?
Is there a way to find out where these "virus'" came from?
It is not impossible they were put on by a student as we recently found out that a number of the help desk students had the Mac admin password. I've looked at the install logs and the only things I see are the Apple software updates and apps we installed ourselves.
I realize that no mac virus' or worms have been found in the wild so it is unclear what VirusBarrier is reporting but it seems that ummm "something" is hiding somewhere and "infecting" these files and I'd like to get rid of it.
thanks for your time and help )
lex
Message was edited by: LexaniG

What appears to be happening is that something is installing the IRC bot EnergyMech in hidden files on our server.
Aug 10 02:59:28 servername VirusBarrierServer461: File infected: /private/var/tmp/.tmp/ /.bot/darwin by OSX.Botch.302
When I checked the contents of the .tmp file with ls -Rla I found:
.tmp/ :
otal 1320
drwxr-xr-x 4 image wheel 136 Jun 24 19:44 .
drwxr-xr-x 5 image wheel 170 Jun 24 19:44 ..
drwx------ 16 image wheel 544 Jun 24 20:00 .bot
-rw-r--r-- 1 image wheel 675159 Jun 24 19:44 sclavi.tar
.tmp/ /.bot:
total 2144
drwx------ 16 image wheel 544 Jun 24 20:00 .
drwxr-xr-x 4 image wheel 136 Jun 24 19:44 ..
-rw-r--r-- 1 image wheel 351 Jun 28 10:00 1
-rw-r--r-- 1 image wheel 351 Jun 28 10:00 2
-rw-r--r-- 1 image wheel 351 Jun 28 07:00 3
-rwx------ 1 image wheel 412095 Jul 8 2005 bash
-rwxr-xr-x 1 image wheel 0 Aug 10 02:59 darwin
-rw-r--r-- 1 image wheel 354306 Oct 19 2005 freebsd
-rw------- 1 image wheel 22465 Jun 13 2001 mech.help
-rw-r--r-- 1 image wheel 1015 Jun 28 10:00 mech.levels
-rw------- 1 image wheel 6 Jun 24 19:44 mech.pid
-rw-r--r-- 1 image wheel 1457 Jun 28 10:00 mech.session
-rw-r--r-- 1 image wheel 5365 May 4 11:34 mech.set
-rwxr-xr-x 1 image wheel 178908 Sep 20 2005 pico
-rw-r--r-- 1 image wheel 87673 Jun 27 2006 pico.tgz
drwx------ 10 image wheel 340 May 27 2004 randfiles
After chmoding the files so that they were non-excecutable mech.set contained this:
# Zei`s EnergyMech configuration file
# v2.9.3 - CristofoR
##### Linking #####
#ENTITY emech
#LINKPASS abc123
#LINKPORT 49152
#LINK hismech a1b2c3 mech.host.net 49152
#LINK hermech abcdefg 0 0
AUTOLINK
##### Server List ####
SERVER LosAngeles.CA.US.Undernet.org 6665
SERVER LosAngeles.CA.US.Undernet.org 6668
SERVER LosAngeles.CA.US.Undernet.org 7000
Unfortunately as a student I theoretically don't have access to the server again until Monday... But I'll go in tomorrow and try and find someone to turn it off. heh (I suppose one way to find out who's on call is to shut it down and see who shows up...) In any case I'll try and delete any of these files I can find.
My boss is out of town and I'm over my head here so any and all suggestions will be gratefully received.
thanks
lex
Message was edited by: LexaniG
Message was edited by: LexaniG

How to sent up a "send to spam" automator flow

Similar Messages

Maybe you are looking for