Question: How much CPU does it take to serve an average of 30 Mbps of Ubuntu and Backtrack ISO images, with peaks at 86 Mbps ?

Answer: 8% CPU on average.

Our Opteron 144 based, 64-bit Linux machine has served more than 7TB of ISO images during the last 30 days! That’s just amazing…

In addition to Ubuntu, we now mirror BackTrack on our public FTP server. Give it a try, it’s worths it.

By the way, we still have a few gigabytes free space left. So, if you’re part of an open source project and are looking for a mirror, feel free to contact us.

Happy download!

Do you still wonder if blocking executables in emails is a good idea or not ? Here is something that happened to us on december, 30th 2006 that should help you take a decision.

Around 0:30, we received tens of emails containing an executable called postcard.exe.

No viruses were found.

Banned name: multipart/report | message/rfc822 | multipart/related |
application/x-msdownload,.exe,.exe-ms,postcard.exe
Content type: Banned (8,0)

The message WAS NOT relayed to:
554 5.7.0 Reject, id=21276-03 – BANNED: multipart/report | message/rfc822 | multipart/related | application/x-msdownload,.exe,.exe-m…

As you can see, these were only blocked due to the fact that an .exe attachment was present in the mail. But no virus was detected.

Half an hour later, here is a trace generated by the same piece of email :

A virus was found: Trojan.Downloader-390

Banned name: multipart/report | message/rfc822 | multipart/related |
application/x-msdownload,.exe,.exe-ms,postcard.exe
Scanner detecting a virus: ClamAV-clamscan

Content type: Virus (9,0)
Subject: Returned mail: see transcript for details The message has been quarantined as: virus-ZnU+-UZHehk1

The message WAS NOT relayed to:
254 2.7.0 Ok, discarded, id=21156-09 – VIRUS: Trojan.Downloader-390

Virus scanner output:
p001: OK
p002: OK
p004: Trojan.Downloader-390 FOUND

Now, you may think that the original problem is due to the fact that we use an open-source antivirus engine. Then, look at the analysis of the code by the most know engines :

Complete scanning result of “postcard.exe”:
AntiVir 7.3.0.21 12.30.2006 TR/Dldr.Tibs.JZ
Authentium 4.93.8 12.30.2006 W32/Tibs.gen4
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.30.2006 Downloader.Tibs
BitDefender 7.2 12.30.2006 GenPack:Trojan.Downloader.Tibs.I
CAT-QuickHeal 8.00 12.29.2006 no virus found
ClamAV devel-20060426 12.30.2006 Trojan.Downloader-390
DrWeb 4.33 12.30.2006 Win32.Dref
eSafe 7.0.14.0 12.30.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 Win32/Tibs!generic
Ewido 4.0 12.29.2006 no virus found
Fortinet 2.82.0.0 12.30.2006 suspicious
F-Prot 3.16f 12.30.2006 security risk named W32/Tibs.gen4
F-Prot4 4.2.1.29 12.30.2006 W32/Tibs.gen4
Ikarus T3.1.0.27 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
Kaspersky 4.0.2.24 12.30.2006 Trojan-Downloader.Win32.Tibs.jy
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1949 12.30.2006 Win32/Nuwar.M
Norman 5.80.02 12.29.2006 no virus found
Panda 9.0.0.4 12.30.2006 no virus found
Prevx1 V2 12.30.2006 Malicious
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 Trojan/Downloader.Generic
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.29.2006 no virus found
VirusBuster 4.3.19:9 12.30.2006 Trojan.DL.Tibs.Gen!Pac10

Now that you’ve taken the good decision, be aware that Microsoft has published a list of attachment file types that are blocked by Outlook 2003 out-of-the-box. It’s a good starting point to define the attachment blocking policy of your mail relay.

We’ve got a free gigabytes space left on our public FTP server. So we’ve decided to offer mirroring services to open-source projects that need extra bandwith to distribute their software. Security related stuff have our preference, for sure, but we’re open to discussion. Fell free to drop us an email if you’re interested.

By the way, best wishes for 2007 from all of us here at Secaron Luxembourg