Sobig afterthoughts

Youn Gonzales ispmgr at CLAS.NET
Thu Aug 21 21:55:41 IST 2003


You should check out Kai's Spamshield. Very easy to modify.

http://www.spamshield.org/

Youn Gonzales
System Administrator
Comptia A+, Network+, INET+,
Cisco CCNA/CCDA Certified Technician
Microsoft Certified Professional

"sabbe dhamma anatta"


----- Original Message -----
From: "Tony Johansson" <tony.johansson at SVENSKAKYRKAN.SE>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, August 21, 2003 3:43 PM
Subject: Sobig afterthoughts


> Hello,
>
> While afterthoughts might be misleading as we still get lots of viruses,
> it may still be an appropriate title.
>
> The site I manage normally receives about 10.000 emails per day. With Sobig
> we (so far) have gotten over 50.000 infected messages in about 72 hours.
> We have two MailScanners that both cope with the load with no problems.
> (thanks Julian!)
>
> Now for the thoughts. As we had no problems with incoming email, I didn't
> really dig into where all these viruses came from. Today curiosity got
> the better of me and I did a little research on the mail logs. While
> viruses came from a wide range of addresses, one particular address was
> responsible for over 10.000 viruses over 48 hours. I checked and it was
> still active, still sending us viruses.
>
> The machine was on a local (Swedish ISP) and was totally exposed to the
> internet, I could even view its netbios name. I was pretty surprised that
> I could "net send" a popup message to the machine, telling the person
> sitting at it that it perhaps would be a good idea to get some anti-virus
> going. I was even more surprised that the machine went offline only
> seconds after my message, evidently someone got the message... The machine
> hasn't been seen since in our mail logs.
>
> Wouldn't it be a good idea to:
> 1. Have an option in MailScanner where you could perform an action
> (ipfilter?/add address to your MTA's access table?/interact with firewall)
> if a single IP address sends you say 10 viruses?
>
> 2. Have an option where you could send an SMB message to an IP address each
> 10? viruses they send you. This would certainly not get through to most
> senders but the effort against potential win should make it worth it,
> wouldn't it?
>
>
> regards, Tony
>
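
Added example, not part of the original thread and not MailScanner code: a sketch of the first suggestion above, counting infected messages per connecting IP in a sliding window and rendering sendmail-style access table REJECT lines once a relay reaches the threshold. The log format, function names, the one-hour window, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed log format (an assumption, not MailScanner's real output):
#   <ISO timestamp> relay=<connecting IP> virus=<name, or "-" if clean>
LINE_RE = re.compile(r"^(\S+) relay=(\S+) virus=(\S+)$")

def offenders(lines, threshold=10, window=timedelta(hours=1), allow=()):
    """Map each relay IP that sent `threshold` infected messages within
    `window` to the time it crossed the threshold. Lines must be in time order."""
    allow_nets = [ip_network(n) for n in allow]
    recent = defaultdict(deque)    # ip -> timestamps of infected messages
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) == "-":
            continue               # unparseable line or clean message
        try:
            ts, ip = datetime.fromisoformat(m.group(1)), ip_address(m.group(2))
        except ValueError:
            continue               # never build a block rule from a malformed field
        if str(ip) in flagged or any(ip in n for n in allow_nets):
            continue               # already flagged, or one of our own relays
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # expire hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[str(ip)] = ts
    return flagged

def access_entries(flagged):
    """Render sendmail-style access table lines: key, tab, REJECT."""
    return [f"{ip}\tREJECT" for ip in sorted(flagged)]

def sample_lines():
    """Constructed log lines: a burst, a slow trickle, our own relay, clean mail."""
    t0 = datetime(2003, 8, 21, 12, 0)
    def row(i, step, ip, virus="W32/Sobig-F"):
        return f"{(t0 + timedelta(minutes=i * step)).isoformat()} relay={ip} virus={virus}"
    rows = [row(i, 1, "192.0.2.10") for i in range(12)]        # burst
    rows += [row(i, 20, "198.51.100.7") for i in range(12)]    # slow trickle
    rows += [row(i, 1, "203.0.113.5") for i in range(12)]      # our own relay
    rows += [row(i, 1, "192.0.2.99", "-") for i in range(12)]  # clean mail
    return sorted(rows)            # ISO timestamps sort chronologically

if __name__ == "__main__":
    print("\n".join(access_entries(offenders(sample_lines(), allow=["203.0.113.0/24"]))))
```

The allowlist matters because a shared ISP smarthost or your own secondary MX can relay many infected messages without being the infected machine; an expiry pass over old entries would be needed before using output like this on a live access table.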


