Klez-G - Warning postmaster@sender.com

Jethro R Binks jethro.binks at STRATH.AC.UK
Fri May 10 09:37:50 IST 2002

On Thu, 9 May 2002, Rose, Bobby wrote:

> All I'm saying is that I'm doing my part at tracking down infected
> machines within my domain when I get a copy of a v-message, why
> shouldn't the masters of the other infected domains.

Because you can't guarantee any way of contacting them any more, as
mentioned previously.

> I can't very well block the host addresses since the likelihood is
> that the addresses are dynamic.

Don't accept mail from ISP dial-up pools then, as a first step.  Although
that probably doesn't help much, as if a mail relay configured in the
email application it probably gets used.  Nevertheless, it's a first step.

As a second step, keep an eye out for persistent offenders (several
infected messages per hour).  If they continue, block all email from them.
It's ruthless, and may block legitimate email, but it will reduce your
incoming infected email if that is bothering or inconveniencing in some


In an ideal world, all Internet Access Providers (be they ISPs,
Universities, companies, etc) would do their part and virus-scan all their
outgoing email.  Universities in particular (and I speak only for the UK,
but it probably applies elsewhere) are pretty good at this, being
concerned with their image, having had Internet connections for longer
than most of the masses, and generally knowing what "the right thing" is
to do.

However, it isn't an ideal world, IAPs can't be bothered with such time
wasting trivialities and support burdens as virus software, and hence
we're in the situation we're in.  I'm afraid it is irresponsible IAPs who
should shoulder the blame for the extensive virus outbreaks (along with
the writers of course!).  The blame arguably extends further to the
authors of software that can be easily exploited to mass-mail people, but
let's not get into that one here ...

Sorry Julian, this is starting to get off-topic for the MailScanner
software list.  I've had my rants now I think :)


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks                                   Computing Officer, IT Services
Mailmaster, Listmaster, Webmaster,       University Of Strathclyde, Glasgow, UK
Cachemaster                                           jethro.binks at strath.ac.uk

More information about the MailScanner mailing list