R: Does bind send email?

Chiesa Stefano Stefano.Chiesa at wki.it
Fri Jul 9 14:13:33 UTC 2010


Looking at the McAfee AccessProtectionLog I noticed that behaviour only 26 times starting from 06/06/2009.
Too few tries for a malware/virus, isn't it?

Could it be a port used fortuitously by named in its random port use?

Ciao.
Stefano.

-----Original Message-----
From: bind-users-bounces+stefano.chiesa=wki.it at lists.isc.org [mailto:bind-users-bounces+stefano.chiesa=wki.it at lists.isc.org] On Behalf Of Chiesa Stefano
Sent: Friday, 9 July 2010 15.09
To: bind-users at lists.isc.org
Subject: R: Does bind send email?

A couple of details:

* bind is working fine and on the server the Task Manager shows just one named.exe process ("show processes from all users" checked)
* I don't think McAfee is triggering on MX lookups because it's blocking a connection on port 25 (look at the end of the log line: 187.58.17.194:25)

08/06/2010	23.31.19	1094	C:\bind\bin\named.exe	Protezione antivirus standard:Impedisci a worm distribuiti tramite mass-mailing di inviare messaggi	187.58.17.194:25

Regards.
Stefano.

-----Original Message-----
From: bind-users-bounces+stefano.chiesa=wki.it at lists.isc.org [mailto:bind-users-bounces+stefano.chiesa=wki.it at lists.isc.org] On Behalf Of Phil Mayers
Sent: Friday, 9 July 2010 14.23
To: bind-users at lists.isc.org
Subject: Re: Does bind send email?

On 09/07/10 12:18, tomasz dereszynski wrote:

>
> check below link
> apparently viruses (some) hide themselves behind that name/process.
> http://www.file.net/process/named.exe.html
>
> mind you, it might be something else ...
>

Maybe McAfee is triggering on MX lookups?
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
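
For triaging entries like the log line quoted in this thread, the following added example (not part of any message in the thread, and not McAfee or ISC code) parses Access Protection log lines and summarises, per executable name, how many connections were blocked, over what period, to which destinations, and from which full image paths. It assumes six tab-separated fields laid out as in the quoted line, day/month/year dates, and that the last field is the blocked destination; the third field's meaning is not stated in the thread and is left uninterpreted, and every sample line except the first is constructed.

```python
from collections import Counter
from datetime import datetime

RULE = ("Protezione antivirus standard:Impedisci a worm distribuiti "
        "tramite mass-mailing di inviare messaggi")
# First line is the entry quoted in the thread; the rest are constructed
# sample data (documentation-range addresses, hypothetical second process).
SAMPLE_LOG = "\n".join([
    f"08/06/2010\t23.31.19\t1094\tC:\\bind\\bin\\named.exe\t{RULE}\t187.58.17.194:25",
    f"06/06/2009\t02.10.05\t1094\tC:\\bind\\bin\\named.exe\t{RULE}\t192.0.2.10:25",
    f"07/06/2009\t11.00.00\t1094\tC:\\example\\other.exe\t{RULE}\t198.51.100.7:25",
    "truncated line without enough fields",
])

def parse_line(line):
    """Return one event dict, or None if the line does not fit the assumed layout."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != 6:
        return None
    date, time, field3, process, rule, dest = parts
    host, _, port = dest.rpartition(":")
    try:
        # Assumption: dd/mm/yyyy dates and dot-separated times, as in the quoted line.
        when = datetime.strptime(f"{date} {time}", "%d/%m/%Y %H.%M.%S")
        port = int(port)
    except ValueError:
        return None
    return {"when": when, "field3": field3, "process": process,
            "rule": rule, "host": host, "port": port}

def summarize(log_text, exe_name):
    """Summarise blocked connections for every image whose file name is exe_name."""
    events = [e for e in map(parse_line, log_text.splitlines())
              if e and e["process"].lower().split("\\")[-1] == exe_name.lower()]
    if not events:
        return {"count": 0, "first": None, "last": None,
                "ports": {}, "hosts": [], "paths": []}
    times = [e["when"] for e in events]
    return {
        "count": len(events),
        "first": min(times),
        "last": max(times),
        "ports": dict(Counter(e["port"] for e in events)),
        "hosts": sorted({e["host"] for e in events}),
        # More than one path for the same file name deserves a closer look.
        "paths": sorted({e["process"] for e in events}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "named.exe"))
```
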