silent virii list
Jeff A. Earickson
jaearick at COLBY.EDU
Mon Jan 13 13:59:32 GMT 2003
Julian,
If/when it gets to the point where MailScanner does not send virus
warnings to the masses, I would still like it to:
* send warnings to users when filenames.rules.conf is triggered.
The sender usually did this action themselves, and they should be
warned that their email got squashed.
* send virus and filenames.rules complaints to postmaster (Notices To),
so that I can be aware of problem users in my own domain. I use
procmail rulesets to shove klez and other virus complaints aside
into their own mailboxes. Then I run a cron job to grep thru these
files, looking for anybody in my own domain. This info is emailed
to me periodically, so I can track down infections and fix them.
--- Jeff
On Mon, 13 Jan 2003, Julian Field wrote:
> Date: Mon, 13 Jan 2003 11:12:01 +0000
> From: Julian Field <mailscanner at ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Does Lirva send from a genuine address?
>
> At 10:11 13/01/2003, you wrote:
> >----- Original Message -----
> >From: "G Welter" <G.Welter at ROCLEIDEN.NL>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Monday, January 13, 2003 9:26 AM
> >Subject: Re: Does Lirva send from a genuine address?
> >
> > > >From the mcafee page you mentioned below:
> > >
> > > The worm uses the default SMTP server of the infected computer, and then
> >adds either the address of the sender or a randomly selected email address
> >to the "From:" line of the email.
> > >
> > > So it seems to me that the from address is bogus. So yes, it should be
> >added to the silent viruses.
>
> I can see us all slowly coming to the situation that we turn off sender
> warnings altogether some time in the next year or so. Trouble is, this is
> going to make the virus situation worse than ever as there will be
> (practically) no way of finding the infected machines spewing out these
> messages.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
More information about the MailScanner
mailing list