silent virii list

Jeff A. Earickson jaearick at COLBY.EDU
Mon Jan 13 13:59:32 GMT 2003


   If/when it gets to the point where MailScanner does not send virus
warnings to the masses, I would still like it to:

* send warnings to users when filenames.rules.conf is triggered.
  The sender usually did this action themselves, and they should be
  warned that their email got squashed.

* send virus and filenames.rules complaints to postmaster (Notices To),
  so that I can be aware of problem users in my own domain.  I use
  procmail rulesets to shove klez and other virus complaints aside
  into their own mailboxes.  Then I run a cron job to grep thru these
  files, looking for anybody in my own domain.  This info is emailed
  to me periodically, so I can track down infections and fix them.

--- Jeff

On Mon, 13 Jan 2003, Julian Field wrote:

> Date: Mon, 13 Jan 2003 11:12:01 +0000
> From: Julian Field <mailscanner at ECS.SOTON.AC.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> Subject: Re: Does Lirva send from a genuine address?
> At 10:11 13/01/2003, you wrote:
> >----- Original Message -----
> >From: "G Welter" <G.Welter at ROCLEIDEN.NL>
> >Sent: Monday, January 13, 2003 9:26 AM
> >Subject: Re: Does Lirva send from a genuine address?
> >
> > > >From the mcafee page you mentioned below:
> > >
> > > The worm uses the default SMTP server of the infected computer, and then
> >adds either the address of the sender or a randomly selected email address
> >to the "From:" line of the email.
> > >
> > > So it seems to me that the from address is bogus. So yes, it should be
> >added to the silent viruses.
> I can see us all slowly coming to the situation that we turn off sender
> warnings altogether some time in the next year or so. Trouble is, this is
> going to make the virus situation worse than ever as there will be
> (practically) no way of finding the infected machines spewing out these
> messages.
> --
> Julian Field
> MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list