Possible Spyware/virus Problem
Fresh-Faced Recruit
Join Date: Aug 2005
Status:
Offline
I'm using Little Snitch and every time I send an email it flags up the warning saying the "Application SMTP is trying to access adviral.tv or Port:25".
Now I'm no expert and my working knowledge of network security is lacking at best, but that doesn't look right to me. Oh, and adviral.tv is just a holding page.
The thing that annoys me most is that I had a huge argument with IT about trying to get my Mac on the network. They came to me a few days ago complaining about my Mac using up all the bandwidth, which I said wasn't possible (I was also the one complaining about the internet connection being dog slow). But then I did a few tests and sure thing, come five o'clock every evening the Internet connection for the whole company grinds to a halt. If I unplug my Mac, it's back to normal in under a minute. I've done the test a few times now, but for the life of me I can't find the problem. But then I don't really know where to look or what to look for, hence this posting. Any ideas?
Oh, and before you feel too sorry for me. I suppose I've been very blasé when it comes to my PowerBook's security, operating under the principle that Macs are pretty much impenetrable (even though I know that's not true). And I'm in the habit of trying out any application that looks useful, which generally means installing a lot of shareware/freeware. So it's highly likely that I've been duped into installing something nasty. But, if that's the case then it's still a serious issue as most Mac users consider their Macs to be immune to everything. Any help here would be greatly appreciated.
Cheers
-t
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
Doubtful it's spyware or a virus, per se, since none exist to my knowledge. That's the real thing — it's not that Macs are impenetrable, but there's no malware anyway. It sounds like you would have to be going pretty far outside the normal channels to have picked up something nobody has ever seen before. That doesn't mean a Mac can't be hacked, though.
First of all, how is your e-mail set up? What are the settings, are you actually running a personal mail server of any sort, etc.?
Also, have you ever had contact with a British company called MacXperts? Because the whois for adviral.tv says it's owned by them.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
Fresh-Faced Recruit
Join Date: Aug 2005
Status:
Offline
Hi. I use Postfix Enabler for my outgoing mail server. Incoming comes from my hosting company (POP3). I've had a look round MacXperts.com and couldn't find anything that I'd seen before. Oh, and now (it's only done this twice) smtp tries to make calls to 212.137.44.179 on port 25 again, but that IP doesn't appear to lead anywhere.
I also have ClamXav Sentry monitor my applications folder, mail, and desktop but as yet, it's not flagged up anything.
Maybe I was a little hasty with my Virus call, but the fact is, something in my computer is hogging bandwidth and smtp is making calls to somewhere it shouldn't. There's something rotten in Denmark.
Fresh-Faced Recruit
Join Date: May 2002
Location: London, ON Canada
Status:
Offline
Hey ... just a quick question ... if you are using Postfix Enabler, you do have it set up to use authentication, right? Because if not, it is possible you have an open mail relay ... which could explain all your smtp traffic.
Just a thought anyway.
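The open-relay question above is the first thing to settle, and it can be checked statically. The script below is an added example for this thread, not code from the poster, from Postfix, or from Postfix Enabler: it parses a Postfix main.cf (or the output of `postconf -n`) and reports the configuration patterns that let other hosts relay through the box. The two config fragments are constructed for the illustration; the parameter names (inet_interfaces, mynetworks, mynetworks_style, smtpd_sasl_auth_enable, smtpd_recipient_restrictions, smtpd_relay_restrictions) are real Postfix parameters.

```python
"""Static open-relay check for a Postfix main.cf (added example, constructed configs)."""
import re

# Constructed: a carelessly "opened up" config. Not Postfix Enabler's real defaults.
OPEN_MAIN_CF = """
# listen on the LAN so any app on the PowerBook can send
inet_interfaces = all
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_sasl_auth_enable = no
smtpd_recipient_restrictions = permit,
    reject_unauth_destination
"""

# Constructed: same host, relaying only for localhost and authenticated users.
HARDENED_MAIN_CF = """
inet_interfaces = all
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Minimal main.cf parser: 'key = value', '#' comments in column 1, indented continuations."""
    params = {}
    last_key = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in " \t":                      # continuation of the previous parameter
            if last_key is not None:
                params[last_key] = (params[last_key] + " " + line.strip()).strip()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        last_key = key.strip()
        params[last_key] = value.strip()
    return params

def _tokens(value):
    return [t for t in re.split(r"[,\s]+", value) if t]

# Restrictions that stop relaying to destinations this host is not responsible for.
_RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
                 "check_relay_domains", "reject", "defer", "defer_if_permit"}

def relay_findings(params):
    """Return human-readable findings; an entry containing 'OPEN RELAY' means anyone can relay."""
    findings = []
    iface = params.get("inet_interfaces", "all")
    if iface in ("loopback-only", "localhost", "127.0.0.1"):
        return findings                           # only reachable from this machine
    if iface == "all":
        findings.append("smtpd is reachable from the network (inet_interfaces = all)")

    # Who does permit_mynetworks trust?
    if "mynetworks" in params:
        wide = [n for n in _tokens(params["mynetworks"]) if n.endswith("/0")]
        if wide:
            findings.append("mynetworks trusts the whole Internet: " + ", ".join(wide))
    elif params.get("mynetworks_style", "subnet") in ("subnet", "class"):
        # 'subnet' was the default before Postfix 3.0: every host on the LAN may relay.
        findings.append("mynetworks defaults to the local subnet/class; every LAN host may relay")

    # Which list governs relaying? smtpd_relay_restrictions exists since Postfix 2.10.
    if "smtpd_relay_restrictions" in params:
        rules = _tokens(params["smtpd_relay_restrictions"])
    elif "smtpd_recipient_restrictions" in params:
        rules = _tokens(params["smtpd_recipient_restrictions"])
    else:
        rules = ["permit_mynetworks", "reject_unauth_destination"]   # stock default

    guarded = False
    for rule in rules:
        if rule == "permit":                      # unconditional permit matches before any guard
            findings.append("unconditional 'permit' precedes the relay guard: OPEN RELAY")
            break
        if rule == "permit_sasl_authenticated" and params.get("smtpd_sasl_auth_enable", "no") != "yes":
            findings.append("permit_sasl_authenticated listed but SASL auth is disabled (no-op)")
        if rule in _RELAY_GUARDS:
            guarded = True
            break
    if not guarded and not any("OPEN RELAY" in f for f in findings):
        findings.append("no reject_unauth_destination in the relay restrictions: OPEN RELAY")
    return findings

def is_open_relay(main_cf_text):
    return any("OPEN RELAY" in f for f in relay_findings(parse_main_cf(main_cf_text)))

if __name__ == "__main__":
    for name, cf in (("open", OPEN_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(f"[{name}]")
        for f in relay_findings(parse_main_cf(cf)) or ["no relay concerns found"]:
            print("  -", f)
```

On the Mac itself, `postconf -n > main.cf.txt` produces the non-default settings in exactly this key = value form. Note that Postfix refuses to start smtpd when the recipient restrictions contain no guard at all, but an early unconditional `permit` passes that startup check and still makes the host an open relay, which is why the script walks the list in order rather than just looking for reject_unauth_destination anywhere.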
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Status:
Offline
You know there are an awful lot of people on this board posting their Mac spyware/virus infection, and you know what? It's never been either. Can people maybe save these kinds of headlines for a confirmed spyware/virus issue so the world isn't so jaded as to ignore it when (if) it happens? I don't know, maybe this topic could have been titled "Why is my Mac trying to access adviral.tv"
-- Jason
Administrator 
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
jasong's got a good point. You could have said "Is this spyware?" and gotten the same sort of responses.
BimmerBoy's point about your mail settings is a very good one too. Realize that port 25 is the standard port for SMTP traffic, so that's pretty benign. The adviral.tv bit is odd but not necessarily evil...just weird.
I'd take a look at what all's running on your Mac and start weeding out what is and is not desired. Maybe you DO have something trying to phone home, but is it doing so with your permission?
Glenn
OTR/L, MOT, Tx
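Glenn's "see what's running" advice, made concrete as an added example that is not from this thread or from Little Snitch: it parses the output of `sudo lsof -nP -iTCP -sTCP:ESTABLISHED` (real lsof flags: numeric hosts and ports, TCP sockets only, established state) and lists every process holding an outbound port-25 connection to anything other than the relay you expect, so a Little Snitch "SMTP" alert can be tied to a PID and a destination. The sample lsof lines and the company relay address 10.0.0.5 are constructed; the two foreign destinations are the ones named earlier in the thread.

```python
"""Tie an outbound port-25 alert to a process (added example; sample lsof output is constructed)."""
import re

# Constructed sample of `lsof -nP -iTCP -sTCP:ESTABLISHED` on a Mac.
SAMPLE_LSOF = """\
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
smtp      412 _postfix   6u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:49731->82.138.146.68:25 (ESTABLISHED)
Mail      301      tom   9u  IPv4 0x3c4d      0t0  TCP 192.168.1.20:49740->10.0.0.5:25 (ESTABLISHED)
Safari    298      tom  14u  IPv4 0x5e6f      0t0  TCP 192.168.1.20:49750->203.0.113.8:443 (ESTABLISHED)
smtp      413 _postfix   6u  IPv4 0x7a8b      0t0  TCP 192.168.1.20:49760->212.137.44.179:25 (ESTABLISHED)
"""

# COMMAND, PID and USER come first; the NAME column carries src:port->dst:port.
CONN_RE = re.compile(r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+).*?TCP\s+"
                     r"(?P<src>\S+):(?P<sport>\d+)->(?P<dst>\S+):(?P<dport>\d+)")

def parse_connections(lsof_text):
    """Return one dict per established TCP connection; the header and non-TCP lines are skipped."""
    conns = []
    for line in lsof_text.splitlines():
        m = CONN_RE.match(line)
        if m:
            c = m.groupdict()
            c["pid"] = int(c["pid"])
            c["dport"] = int(c["dport"])
            conns.append(c)
    return conns

def unexpected_smtp(lsof_text, allowed_relays):
    """Port-25 connections whose destination is not one of the relays you expect to use."""
    return [c for c in parse_connections(lsof_text)
            if c["dport"] == 25 and c["dst"] not in allowed_relays]

if __name__ == "__main__":
    for c in unexpected_smtp(SAMPLE_LSOF, allowed_relays={"10.0.0.5"}):
        print(f"{c['cmd']} (pid {c['pid']}, user {c['user']}) -> {c['dst']}:{c['dport']}")
```

A `smtp` command running as `_postfix` is Postfix's own delivery client, so hits on it mean the local Postfix queue is what is talking to those addresses; `mailq` shows what is sitting in that queue and who submitted it, which answers Glenn's "with your permission?" question directly.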
Mac Elite
Join Date: Apr 2000
Location: Minneapolis, MN USA
Status:
Offline
Did a bit of searching:
-adviral.tv corresponds to the ip address 82.138.146.68.
-that block, according to whois is owned by a firm called Amcor Flexibles.
-Amcor Flexibles apparently has several locations according to whois information:
% Information related to '82.138.146.0 - 82.138.146.255'
inetnum: 82.138.146.0 - 82.138.146.255
netname: AMCOR-SR
descr: Amcor Flexibles - S&R
descr: Intaglio House
descr: Brucefield Park
descr: Livingston EH54 9ES
country: GB
admin-c: MS4436-RIPE
admin-c: HV173-RIPE
tech-c: MS4436-RIPE
tech-c: HV173-RIPE
status: ASSIGNED PA
mnt-by: AMCOR-MNT
source: RIPE # Filtered
person: Heikki Vilkkinen
address: Amcor Flexibles Finland Oy
address: Luvalahdentie 1
address: 27500 Kauttua
address: FINLAND
e-mail: heikki.vilkkinen@amcor-flexibles.com
phone: +358 2 83921
fax-no: +358 2 83922020
nic-hdl: HV173-RIPE
source: RIPE # Filtered
person: Mika Savela
address: BaseN Oy
address: Linnoitustie 4B
address: FI-02600 Espoo
address: FINLAND
e-mail: msavela@basen.net
phone: +358 9 5475 1005
fax-no: +358 9 5475 1006
nic-hdl: MS4436-RIPE
source: RIPE # Filtered
% Information related to '82.138.128.0/19AS790'
route: 82.138.128.0/19
descr: Amcor Flexibles Europe
origin: AS790
mnt-by: AS6667-MNT
source: RIPE # Filtered
Did a tracert on 212.137.44.179 and found that it times out. I did a Google search on that address and found it came up in some system administrator's report, but inconclusive (see link below):
See: http://lists.evolt.org/sysadminarchi...er/001243.html
Apparently it couldn't reach that address either.
"adviral.tv" seems suspicious, like a spyware/adware app trying to call home. But not confirmed, and looking in Google it found no reference to adviral.tv.
The .tv suffix suggests a television connection (at least here in the U.S., where .tv domains were a hot thing for about ten seconds).
Most curious.
But yeah, if you're trying to run your own mail host on your company network, no wonder your IT group is up in arms. That's kind of a no-no, at least where I'm from.
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
I would naturally look at Postfix Enabler with suspicion and seek answers in that direction. Is there a good reason why you're running your own SMTP server rather than using your company's?
"The natural progress of things is for liberty to yield and government to gain ground." TJ
Professional Poster
Join Date: Jan 2003
Location: Teaneck, NJ
Status:
Online
Just out of curiosity (and because you said you like freeware), can you download Menu Meters and see exactly how much bandwidth you are using up? Yes, I know you can use Activity Monitor to tell you the same info, but I like Menu Meters more.