silent virii list

Julian Field mailscanner at ecs.soton.ac.uk
Mon Jan 13 18:01:38 GMT 2003


Both good points. I won't do anything quite as simple as hard-coding "Warn
Senders = no", I'll separate out the virus warnings from other warnings.
But no need to do it quite yet, fortunately.

At 13:59 13/01/2003, you wrote:
>Julian,
>
>    If/when it gets to the point where MailScanner does not send virus
>warnings to the masses, I would still like it to:
>
>* send warnings to users when filenames.rules.conf is triggered.
>   The sender usually did this action themselves, and they should be
>   warned that their email got squashed.
>
>* send virus and filenames.rules complaints to postmaster (Notices To),
>   so that I can be aware of problem users in my own domain.  I use
>   procmail rulesets to shove klez and other virus complaints aside
>   into their own mailboxes.  Then I run a cron job to grep thru these
>   files, looking for anybody in my own domain.  This info is emailed
>   to me periodically, so I can track down infections and fix them.
>
>--- Jeff
>
>On Mon, 13 Jan 2003, Julian Field wrote:
>
> > Date: Mon, 13 Jan 2003 11:12:01 +0000
> > From: Julian Field <mailscanner at ECS.SOTON.AC.UK>
> > Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Does Lirva send from a genuine address?
> >
> > At 10:11 13/01/2003, you wrote:
> > >----- Original Message -----
> > >From: "G Welter" <G.Welter at ROCLEIDEN.NL>
> > >To: <MAILSCANNER at JISCMAIL.AC.UK>
> > >Sent: Monday, January 13, 2003 9:26 AM
> > >Subject: Re: Does Lirva send from a genuine address?
> > >
> > > > From the mcafee page you mentioned below:
> > > >
> > > > The worm uses the default SMTP server of the infected computer, and then
> > > > adds either the address of the sender or a randomly selected email address
> > > > to the "From:" line of the email.
> > > >
> > > > So it seems to me that the from address is bogus. So yes, it should be
> > > > added to the silent viruses.
> >
> > I can see us all slowly coming to the situation that we turn off sender
> > warnings altogether some time in the next year or so. Trouble is, this is
> > going to make the virus situation worse than ever as there will be
> > (practically) no way of finding the infected machines spewing out these
> > messages.
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
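
The postmaster workflow Jeff describes in the quoted message (procmail files the notices into a mailbox, a cron job looks for addresses in the local domain), sketched as an added example that is not code from this thread or from MailScanner. The domain example.org, the sample notices and their wording are constructed assumptions, not MailScanner's real notice format.

```python
import mailbox
import re
import tempfile
from collections import Counter
from email.utils import getaddresses

LOCAL_DOMAIN = "example.org"  # assumption: stands in for your own mail domain
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample mailbox; the notice wording is illustrative only.
SAMPLE_MBOX = """\
From scanner@example.org Mon Jan 13 11:00:00 2003
To: postmaster@example.org

Sender: alice@example.org

From scanner@example.org Mon Jan 13 11:05:00 2003
To: postmaster@example.org

Sender: mallory@example.net

From scanner@example.org Mon Jan 13 11:09:00 2003
To: postmaster@example.org

Sender: alice@example.org
Notified: postmaster@example.org
"""

def local_senders(path, domain=LOCAL_DOMAIN):
    """Count, per notice, each address in `domain` named in the notice body."""
    counts = Counter()
    for msg in mailbox.mbox(path):
        # The notice's own From/To addresses always match the local domain,
        # which is what makes a plain grep noisy, so they are excluded here.
        hdrs = msg.get_all("From", []) + msg.get_all("To", [])
        skip = {a.lower() for _, a in getaddresses(hdrs)}
        body = (msg.get_payload(decode=True) or b"").decode("ascii", "replace")
        for addr in {a.lower() for a in ADDR_RE.findall(body)} - skip:
            if addr.endswith("@" + domain):
                counts[addr] += 1
    return counts

def demo():
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as f:
        f.write(SAMPLE_MBOX)
    return local_senders(f.name)

if __name__ == "__main__":
    for addr, n in demo().most_common():
        print(n, addr)
```

Because a worm such as Lirva can put a randomly selected address in the "From:" line, each hit is a lead to confirm on the machine itself, not proof of infection.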


