Date:      Mon, 15 Aug 2011 10:39:13 -0700
From:      Chuck Swiger <cswiger@mac.com>
To:        alexus <alexus@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: looking for a spammer/virii/malware .... on my system
Message-ID:  <D49826AA-9FF9-4848-A92A-5FF29A78679B@mac.com>
In-Reply-To: <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com>
References:  <CAJxePNKiEmdimqgdtS-jYPOxExL6a489SR5JW2kCd25X6QFuHQ@mail.gmail.com>

On Aug 15, 2011, at 10:05 AM, alexus wrote:
> what else can I do to find it on my system who's trying to connect to
> remote webmail.west.cox.net ?

Monitor your network for SMTP traffic:

  tcpdump -nA -s 0 port 25

If malware is sending out spam, you'll see it and can then use lsof or whatever to identify the specific user/process.

Regards,
-- 
-Chuck
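
The follow-up step the reply describes (going from observed port 25 traffic to a user and process with lsof), as an added example that is not part of the original message. It assumes lsof is installed; `smtp_suspects`, `sample_lsof` and the `ALLOWED` list are hypothetical names, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: report processes holding outbound SMTP (remote port 25)
# connections, given `lsof -nP -iTCP:25` output on stdin.
# ALLOWED (hypothetical) lists commands that are expected to send mail.
ALLOWED="${ALLOWED:-sendmail}"

smtp_suspects() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $8 != "TCP" { next }                 # skips the header and non-TCP rows
        {
            split($9, ends, "->")            # NAME column is local->remote
            if (ends[2] == "") next          # listening socket, no peer
            rport = ends[2]
            sub(/.*:/, "", rport)            # keep the text after the last colon
            if (rport != "25") next          # peer connected to the local port 25
            if ($1 in ok) next               # expected mailer, not reported
            key = $3 " " $2 " " $1 " " ends[2]
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Constructed sample in lsof column layout (documentation address ranges).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE             SIZE/OFF NODE NAME
sendmail  812 root    4u  IPv4 0xfffff8000a1b2c00      0t0  TCP *:25 (LISTEN)
sendmail  990 root    5u  IPv4 0xfffff8000a1b3000      0t0  TCP 192.0.2.10:25->198.51.100.7:40112 (ESTABLISHED)
sendmail 1001 root    6u  IPv4 0xfffff8000a1b3200      0t0  TCP 192.0.2.10:50001->198.51.100.9:25 (ESTABLISHED)
perl     4242 www     3u  IPv4 0xfffff8000a1b3400      0t0  TCP 192.0.2.10:51234->203.0.113.25:25 (ESTABLISHED)
perl     4242 www     4u  IPv4 0xfffff8000a1b3800      0t0  TCP 192.0.2.10:51240->203.0.113.25:25 (SYN_SENT)
EOF
}

# Live use: lsof -nP -iTCP:25 | smtp_suspects
sample_lsof | smtp_suspects    # prints: www 4242 perl 203.0.113.25:25
```

Each output line is user, PID, command and remote endpoint; inbound connections to the local mail server and the allow-listed mailer are left out.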



