<html><body bgcolor="#FFFFFF"><div>I have had that happen to some of my [windows centric] clients. <span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.289062); -webkit-composition-fill-color: rgba(175, 192, 227, 0.222656); -webkit-composition-frame-color: rgba(77, 128, 180, 0.222656); ">From memory <span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); ">Initially you can just request to be removed. If it is still infected it will be listed again. I do not remember the link but you should be able to find it on <a href="http://sorbs.org">sorbs.org</a> without too much trouble<span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.289062); -webkit-composition-fill-color: rgba(175, 192, 227, 0.222656); -webkit-composition-frame-color: rgba(77, 128, 180, 0.222656); "></span></span></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.285156); -webkit-composition-fill-color: rgba(175, 192, 227, 0.21875); -webkit-composition-frame-color: rgba(77, 128, 180, 0.21875);"><br></span></div><div><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.289062); -webkit-composition-fill-color: rgba(175, 192, 227, 0.222656); -webkit-composition-frame-color: rgba(77, 128, 180, 0.222656); "><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); "><span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.289062); -webkit-composition-fill-color: rgba(175, 192, 227, 0.222656); -webkit-composition-frame-color: rgba(77, 128, 180, 0.222656); ">Good luck </span></span></span></div><div><br>Sent from my iPhone<div><a href="Http://www.linkedin.com/in/evertvandijk">Http://www.linkedin.com/in/evertvandijk</a></div></div><div><br>On Sep 30, 2009, at 3:44 PM, "Jon Miller" <<a href="mailto:jlmiller@mmtnetworks.com.au">jlmiller@mmtnetworks.com.au</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>
<div class="Section1">
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial">I have a client that has gotten itself listed on the
sorbs database as a vulnerable / hacked server.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial">Is there any test I can run to see if this is true. <o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial">How do I get them off the list? Their server is a
Debian v4 with postfix. Is there anything I can look for with tshark or any
other analyser?<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" face="Arial"><span lang="EN-AU" style="font-size:
10.0pt;font-family:Arial">Regards<o:p></o:p></span></font></p>
</div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>PLUG discussion list: <a href="mailto:plug@plug.org.au"><a href="mailto:plug@plug.org.au">plug@plug.org.au</a></a></span><br><span><a href="http://www.plug.org.au/mailman/listinfo/plug">http://www.plug.org.au/mailman/listinfo/plug</a></span><br><span>Committee e-mail: <a href="mailto:committee@plug.linux.org.au"><a href="mailto:committee@plug.linux.org.au">committee@plug.linux.org.au</a></a></span><br></div></blockquote></body></html>