Virus Outbreak

Yet-another-Windows-virus has hit us again. I think this time we stopped the damage pretty darn quickly.

You see, I am a statistics junkie. Graphs are my favorite. I love being able to whittle down gigs of log information into one easy-to-ready purdy graph. See the following graphs as examples to what I’m talking about:

The above graph is information on how many emails we rejected during the recent outbreak and how the infection has all but died out. We received our ClamAV virus signatures at 10:38 AM PST. Yes, you are reading that correctly; we got up in the 700 messages rejected per minute range for most of the day.

If ever there was a good reason to have external mail relays with an easy to use MTA (in our case Postfix) then the above image should clarify. Above we see that some of the folks that we relay mail for could not handle the influx of mail and started to stop accepting mail. Fortunately we have loads of queue space and were able to weather the storm.

I would chalk up the success to the fact that we have some great software (Postfix, ClamAV, amavisd-new and Spamassassin — check out this fantastic howto by Tobias Rice if you want to give this a shot on your relays). This is easily the fifth time that these open source applications (and signatures maintained by volunteers) has saved our bacon. It took a full 3 more hours to get the definitions for the applications we pay for.