Email Malware

Discussion in 'H-Sphere Reseller Hosting' started by hafa, Jun 28, 2016.

  1. hafa

    hafa Perch

    Across all 130+ domains we currently host with Jodohost, the prevalence of email with malware attachments* is reaching epidemic proportions, with the majority of domains reporting that these malicious emails constitute 20-30% of all emails received.

    We have anti-virus enabled globally in all domains, but it's clearly not doing its job. What is Jodohost doing to address this issue?

    * The vast majority of malware loads are ransomware.
  2. Stephen

    Stephen US Operations Staff Member

    These aren't being detected at gmail either, I've gotten over 18 copies of these at gmail recently too. Something with it is changing up very frequently making detection by the scans near impossible.
  3. dlrmartin

    dlrmartin Perch

    Same issue here. Tons of SPAM, tons of malware.
    After 11 years as a JH customer, I'm starting to move to another provider. So sad for me.
    But miles of tickets and JH does not solve the issue.
    JH has changed a lot this year.
  4. Stephen

    Stephen US Operations Staff Member

    This is not due to us, we have acted, we are not ignoring this, but there is not much we can do to improve it with the ancient software which is why we are making new software that we control and keep updated.
    Your 'miles of tickets' aren't ignored, there is just limited action we can take to improve it with the limits imposed by the back end and the fact that the software won't function with hsphere if it is updated.
  5. hafa

    hafa Perch

    Hey, Stephen

    Please take the following questions as genuine curiosity, rather than antagonism, as it would be helpful to us resellers to understand the steps being taken. I also understand that there are some things that cannot be divulged in a (semi) public forum, but any information is truly appreciated.

    Please delineate actions that have been taken to ameliorate the deluge of malware and spam.

    Is this a reference to the new ticket system, or something else? If the latter, please elaborate.

    Once again, please clarify if this is referring to the new ticket system, or something else. If the latter, please also elaborate.
  6. Stephen

    Stephen US Operations Staff Member

    I understand hafa :)

    I am saying not that the emails coming through isn't an issue, but we have worked extensively to upgrade the email backend Hsphere uses, but certain portions of it are just outdated and will not update to the latest versions and continue working with the control panel.


    Answer to rest, has nothing at all to do with the ticket system. We are building a complete automation system in house and have been for quite some time, but it isn't yet ready for public consumption, and will be rolled out in phases.
  7. cc9

    cc9 Perch

    same here. customers are complaining!!! :mad::mad::mad:

    what should I do? just accept this? :mad::mad::mad:
  8. Stephen

    Stephen US Operations Staff Member

    cc9, We are testing some optional (but will not be added cost) changes to put a filtering system in front of your domains. This will block those malwares from copier, scanner, xerox etc that are coming, and maybe even initially a couple good mails, but it does have a way for you to get those good mails and mark them as good so such doesn't happen again. It's done a good job so far on one reseller's testing domains by looking at the blocked logs, but we are awaiting feedback on it still, expect it to be a few days.
  9. cc9

    cc9 Perch

    Stephen:

    1. is it gonna be based on request? can we set it by ourselves with some kind of admin panel / hsphere?

    2. mail from copier, xerox, are usually from the same domain. what about spam from external domain? with subject like: {Filename?} fixed invoice ... or Invoice ... attached

    me & my clients receive spams from same & external domain every day!

    3. there are a lot of emails with: Warning: This message has had one or more attachments removed (webmaster_260.zip, AT0000B49.wsf). Please read the "AntiSpam-Attachment-Warning.txt" attachment(s) for more information.

    those messages are spam anyway. can't we just block the email?

    4. on 1 of my domains, I always receive email from "[email protected]" where NN are random numbers.

    I have set blacklist in hsphere "*@foxmail.com" ... but those emails are still coming!! what should I do?

    5. can I set a block on all emails with chinese characters? 100% spam for me.

    Please advise
  10. Stephen

    Stephen US Operations Staff Member

    1. Ticket based request, cannot do from Hsphere as of now, not sure if ever.

    2. All those get blocked.

    3. I haven't seen these but it should certainly block them with or without the attachment.

    4. If it was not blocked by default you could train it to BAD folder 2-3 times and it would then learn and be blocked.

    5. No we can't do such, but it is likely it would be blocked in the gateway in any case.
  11. cc9

    cc9 Perch

    3. the spam email still got through to the inbox. The antispam only removes the attachment and adds that message to the email body, at the beginning of the email.

    anti spam replaced the attachment with "AntiSpam-Attachment-Warning.txt", it contains:
    =====
    This is a message from the MailScanner E-Mail Virus Protection Service
    ----------------------------------------------------------------------
    The original e-mail attachment "webmaster_98422.zip"
    is on the list of unacceptable attachments for this site and has been
    replaced by this warning message.

    If you wish to receive a copy of the original attachment, please
    e-mail helpdesk and include the whole of this message
    in your request. Alternatively, you can call them, with
    the contents of this message to hand when you call.

    At Fri Jul 22 16:03:22 2016 the virus scanner said:
    MailScanner: Windows Script Host files are dangerous in email (salesreport727.wsf)

    Note to Help Desk: Look on the AntiSpam (smarthost4.myhsphere.biz) MailScanner in /var/spool/MailScanner/quarantine/20160722 (message 10C64B6A74.A598C).

    SpamAssassin
    spamassassin.apache.org
    =====

    how do I block the email right away?

    4. how do you do / train it? is this the new filter or the one in hsphere?

    As I said, I have already blacklisted the domain in antispam in HSPHERE, but all emails from that domain are still coming in!

    5. nah, all spam with chinese letters still got through the inbox -_-
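
Post 11 describes a filter that strips the attachment but still delivers the message. The Python example below is added here for illustration and is not part of the thread, nor Jodohost's, MailScanner's or Scrollout F1's configuration. It returns a whole-message verdict when an attachment, or a file inside an attached zip, has a script-host extension. The names `verdict`, `build_sample` and `BLOCKED_EXT`, the extension list and the example.com addresses are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list of script-host / executable extensions (not from the thread).
BLOCKED_EXT = (".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe", ".hta", ".scr", ".exe")

def _blocked(name):
    # Trailing dots/spaces are stripped so "x.wsf." cannot dodge the suffix check.
    return (name or "").lower().rstrip(". ").endswith(BLOCKED_EXT)

def verdict(raw_message):
    """Return ("reject", reason) or ("accept", None) for one raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if _blocked(fname):
            return "reject", f"blocked attachment: {fname}"
        if fname.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True) or b""
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    # Member names are readable even when the zip is encrypted.
                    for member in zf.namelist():
                        if _blocked(member):
                            return "reject", f"blocked file in {fname}: {member}"
            except zipfile.BadZipFile:
                # An archive the filter cannot inspect is refused, not passed on.
                return "reject", f"unreadable archive: {fname}"
    return "accept", None

def build_sample(inner_name):
    """Constructed sample: a message carrying a zip with one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "placeholder content")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="webmaster_260.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for inner in ("AT0000B49.wsf", "report.txt"):
        print(inner, verdict(build_sample(inner)))
```

Nested archives are not unpacked here; a production filter would recurse with a depth limit.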
  12. Stephen

    Stephen US Operations Staff Member

    This is not related to hsphere, at all, none of my answers. All about antispam gateway optional.
  13. cc9

    cc9 Perch

    OK. I'll be waiting for the new antispam.
  14. Stephen

    Stephen US Operations Staff Member

    The anti spam gateway is working really well, do you have a ticket in about the more important domains you need for the anti malware and spam filtering? Please give a ticket reference number for us to check.
  15. cc9

    cc9 Perch

    Ticket Created #885230
  16. Pratik

    Pratik SkyWalker Staff Member

    It seems Manoj did reply to you on the ticket, so please do hop on live chat anytime so we can do this for you.
  17. cc9

    cc9 Perch

    OK, I got 1 domain running the new spam filter. we'll see how it goes for the next few days.

    Stephen, how do I "train" it?

    Gaurav Garg told me on live chat: "sorry, but you can't train the spam filter on the shared server, this is possible only if you buy your own dedicated spam filter server."
  18. cc9

    cc9 Perch

    problem with the new anti spam:

    I got 2 spam emails delivered to the quarantine account, BUT for every email, there is another email from "Scrollout F1 at ScrolloutF1.jodohost.com <[email protected]>"

    can't you just NOT send that email?

    1. not good for reseller. the client will ask about this.

    2. it's redundant. the mails are already quarantined anyway. why do you need to send email to the quarantine account again?
  19. Stephen

    Stephen US Operations Staff Member

    Thanks for the input.
  20. cc9

    cc9 Perch

    please let me know when the above email from Scrollout has been turned off. I need to put my client's domain on the new anti spam
