I received the notification below.
I looked at the clamd.virtualmin logs and don't see where it had detected anything.
I restarted clamd.virtualmin but the logs don't indicate a detection.
Do you know how I might figure out who/what/where this is coming from?
tony
Hello from USinternetworking (USi). I am a Security Engineer here trying to track down a security incident that appears to have originated from your network on January 10, 2009. Please investigate a TCP sweep of port 22 from the IP 206.72.99.14 and inform me of the results (account cancelled, user warned, etc). I will require this information in order to close the ticket on this activity. I have attached a portion of the log details as evidence. All times are EST (GMT -5).
(NOTE: This is an automated email response to the incoming scan/attack.)
10:39:55 206.72.99.14 0.0.0.0 [TCP-SWEEP]
(total=187,dp=22,min=212.1.185.0,max=212.1.187.254,Jan10-10:39:42,Jan10-
10:39:54) (USI-amsxaid01)
10:40:14 206.72.99.14 0.0.0.0 [TCP-SWEEP]
(total=265,dp=22,min=212.1.191.0,max=212.1.190.254,Jan10-10:39:55,Jan10-
10:40:09) (USI-amsxaid01)
USi Information Assurance Group
sac@usi.com