But, if you're using sendmail, maybe the best to do is to tell sendmail to reject the traffic from this particular host. Go to /etc/mail, edit the file called 'access' and append a line like this: 202.154.10.146 REJECT "You're sending too much viruses!" Then save, type 'make' and restart sendmail.
Access.db is a map. You don't need to restart sendmail after you update /etc/mail/access file and rebuild access.db map (either using supplied Makefile if present, or by running "makemap hash access.db < access", I prefer later over former). Same for all other maps. You only need to restart sendmail when sendmail.cf is changed, and any of the files referenced by F lines in sendmail.cf (those are read once at startup).
Although solution with sendmail is cleaner and more polite (the offender gets the error why he/she is refused, and you are blocking only email), I don't think that somebody who is not noticing that he/she is spitting out viruses in such a high rate is going to notice and/or care about it.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
