How Well are Your Servers Handling MyDoom?
whosyourgeekdaddy asks: "A co-worker was showing me some of the usage stats for a clients exchange server: its averaging 630 users, and 300,000 emails per day, for the last 4 days. This made me want to ask how heavy is the workload for your 'average' Exchange server? Is this typical? MyDoom has upped the usage some, but not a lot. This client is a real estate company, so e-mail is frequently used." Of course, Exchange servers aren't the only ones feeling MyDoom. What kind of statistics have you been seeing from MyDoom, both as a user and as an administrator?
grep "X-Infected: W32/Mydoom.A@mm" rejectlog* | wc -l
11096
All rejected at SMTP time, not mindlessly bounced after the fact.
My server isn't even feeling it.
We have about 50 users, we got around 200 viruses in the first 18 hours.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
Spamassassin, postfix, and procmail developers - I sit here at home with a beer whilst my Exchange colleagues want to kill themselves right about now.
Thanks.
since I don't allow in attachments that end in .pif .exe .scr .com or .bat (including zipped ones...thank you antigen), there have been precisely zero delivered to anybody's inboxes.
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
"How Well are Your Servers Handling MyDoom?" Pretty well. We're thinking of adding another cluster.
Just kidding, lawyers.
_______
2B1ASK1
I'm a mail/systems administrator at a small/medium sized ISP. This virus is nothing compared to the onslaught of spam we get. >2 million total messages a day and blocking >1.6 million due to spam. Our virus filter is taking them out no problem, and no we aren't bouncing it =)
For MyDoom 3, and its starting to feel like its never going to come out.
Vonal Declosion
One trick which helped ease the burden is that the majority of the emails are coming in with very specific topics: "hi", "hello", "test", "status" and "server report". Added this line to my postfix spamfilter rules and it eased a LOT of the burden immediately:
If you're an administrator out there reading this, for the love of whatever god you hold dear TURN OFF YOUR BLOODY VIRUS BOUNCE MESSAGES! I've had as many 'replies' to faked From: headers as virus mails. You're making the problem far worse than it otherwise would be!"People will pay big bucks for the luxury of ignorance."