Re: About virus scanners

2001-11-23 Thread Dmitry N. Hramtsov


How can I simply block all such attachments in Exim?

As far as I know, there are no special conditions embedded in Exim.
And the only way to do it is to write your own filter
which parses the mail body for attachments.

I think it is not a good idea.
Can you offer an easier way?

On Fri, 23 Nov 2001, Jason Thomas wrote:

 also you can choose to block all attachments or just some, like say
 exe,com,bat,lnk,pif etc.

 On Thu, Nov 22, 2001 at 07:00:06PM -0500, Alián Hernández Mateo wrote:
  What can I do to avoid my mail server (Debian 2.2 r3) send or receive
  viruses?
  Thanks a lot in advance.
  Alian.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
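
The Python function below is an added example, not code from this thread or from Exim; it shows the name checks an attachment filter needs for the extensions listed above (exe, com, bat, lnk, pif). The sample message and the names `blocked_attachments` and `BLOCKED` are constructed for the illustration.

```python
import email

# Extensions named in the thread; extend the set to match local policy.
BLOCKED = {"exe", "com", "bat", "lnk", "pif"}

def blocked_attachments(raw: bytes, blocked=BLOCKED) -> list:
    """Return the declared attachment names whose final extension is blocked."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename", falls back to
        # Content-Type "name", and decodes RFC 2231 (filename*=) values.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "setup.exe." runs as .exe.
        cleaned = name.rstrip(". ").lower()
        # Only the last extension counts: "Photo.JPG.PIF" is a .pif file.
        ext = cleaned.rpartition(".")[2] if "." in cleaned else ""
        if ext in blocked:
            hits.append(name)
    return hits

# Constructed sample message: one harmless part and three blocked names.
SAMPLE = b"""\
From: sender@example.org
To: user@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Disposition: attachment; filename="notes.txt"

hello
--b1
Content-Disposition: attachment; filename="Photo.JPG.PIF"

hello
--b1
Content-Type: application/octet-stream; name="setup.exe."

hello
--b1
Content-Disposition: attachment; filename*=utf-8''readme%2Ebat

hello
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

Matching on the declared name only stops attachments that keep a blocked extension; renamed or archived files still need a content scanner.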




Re: About virus scanners

2001-11-23 Thread Laurent Luyckx

On Fri, 2001-11-23 at 09:56, Dmitry N. Hramtsov wrote:
 
 How can I simply block all such attaches in Exim?
 
 As I know there are no special conditions embedded in Exim.
 And the only way to do it is to write your own filter
 which parse mail body for attaches.
 
 I think, it is not a good idea.
 Can you offer easier way?

Have a look here: ftp://ftp.exim.org/pub/filter/system_filter.exim

 
 On Fri, 23 Nov 2001, Jason Thomas wrote:
 
  also you can choose to block all attachments or just some, like say
  exe,com,bat,lnk,pif etc.
 
  On Thu, Nov 22, 2001 at 07:00:06PM -0500, Alián Hernández Mateo wrote:
   What can I do to avoid my mail server (Debian 2.2 r3) send or receive
   viruses?
   Thanks a lot in advance.
   Alian.
 
 
 
 




Re: Root is God? (was: Mutt tmp files)

2001-11-23 Thread martin f krafft

* Mathias Gygax [EMAIL PROTECTED] [2001.11.18 17:58:46+0100]:
  excellent. you know what i did: i just remove the root:0:... line from
  /etc/passwd and /etc/shadow. now i can't be root. that must be perfect
  security. yeah!
 
 before you shout, think twice. this is READ-only on my system. you don't
 really understand it, right?

i think i do. i wasn't talking about your system, but more about the
general gist of the email thread. i'll answer your lamer detector
email in just a sec, so look there for more details.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; net@madduck
  
there is more stupidity than hydrogen in the universe,
 and it has a longer shelf life.
-- frank zappa





Re: About virus scanners

2001-11-23 Thread Alvin Oga


hi ya

for the rest of the free anti-virus apps ( dozen or so )

http://www.linux-sec.net/Harden/server.gwif.html#Mail

c ya
alvin

On 23 Nov 2001, Laurent Luyckx wrote:

 On Fri, 2001-11-23 at 09:56, Dmitry N. Hramtsov wrote:
  
  How can I simply block all such attaches in Exim?
  
  As I know there are no special conditions embedded in Exim.
  And the only way to do it is to write your own filter
  which parse mail body for attaches.
  
  I think, it is not a good idea.
  Can you offer easier way?
 
 Have a look here: ftp://ftp.exim.org/pub/filter/system_filter.exim
 
  
  On Fri, 23 Nov 2001, Jason Thomas wrote:
  
   also you can choose to block all attachments or just some, like say
   exe,com,bat,lnk,pif etc.
  
   On Thu, Nov 22, 2001 at 07:00:06PM -0500, Alián Hernández Mateo wrote:
What can I do to avoid my mail server (Debian 2.2 r3) send or receive
viruses?
Thanks a lot in advance.
Alian.






Using which socket (Unix or TCP) is more secure.

2001-11-23 Thread Mikhail Romanenko

To check mail for viruses I use a sendmail milter, which connects to the (commercial)
antivirus program drweb. Both sendmail and drweb live on one Debian Linux host
(behind a firewall), and can connect to each other over a Unix socket or a TCP
socket. The ports sendmail and drweb use to communicate (when using a TCP
socket) are filtered out from the Internet by the firewall (iptables).

My question is: Using which socket (Unix or TCP) is more secure in this case?

Thank you, Mikhail.








Re: Root is God? (was: Mutt tmp files)

2001-11-23 Thread martin f krafft
* Mathias Gygax [EMAIL PROTECTED] [2001.11.18 17:59:29+0100]:
  thanks, you just made me laugh!
 you set lamer detector to orange.

alright, so my first step is to scale back and *not* flame. i am sorry
for posting my sarcastic comment.

i shall now try to sum up my points. we have been talking about
creating a system, in which even root can't do everything. in doing
so, we stumbled upon a problem of definition, because root can
either define to the line in /etc/{passwd,shadow} -- the user with UID
0, or it can define to the more abstract concept of system
administrator  or root of a system.

let me put it this way: historically, root is the center of a unix
system, well, the root. root is the only account that comes
pre-installed, root's password is defined during installation.
again, historically, there is *nothing* that root cannot do.

there exist a collection of kernel patches and other goodies, which
take some of that responsibility away from root. now, it doesn't
matter what the definition is, someone installs these and that someone
can very well change them again. whether that someone is root
him/herself, or the owner of the system, who wants to make life
easier for the chap that was appointed root, there is *still*
someone in total control over the system. in such a case, root
merely slides down one level in the hierarchy, but the point is, you
cannot lose control over your own computer system.

therefore, any argument against root is god is futile and useless.
it *does* boil down to if you don't trust the person owning the
server, don't use that machine, and i would be *very* interested to
hear actual arguments against that.

now, i realize that i've been saying things that have been said over
and over in this thread, but maybe mathias is right, maybe i am just a
lamer and a dork, and shouldn't be using computers anyway. i will
happily consider to give up this job of mine and go into the monastery
as soon as someone gives me one scenario in which i am using a
computer that i do not own (as was the setup at the beginning of the
thread), which i can use in a secure manner *without* the owner (or
root) of that machine ever possibly able to spy on me.

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
  
as i was going up the stair
i met a man who wasn't there.
he wasn't there again today.
i wish, i wish he'd stay away.
   --hughes mearns




filesystem errors

2001-11-23 Thread Jaroslaw Podstawa
Hello

I have problems with my computer. I have Windows 98 SE and Linux Debian
2.2.r4. Windows works ok, but in Linux I encountered strange errors on
filesystem. It's something like: inode #no. has invalid entry offset=4!=0
and then specification of this entry. I've also encountered errors like
directory corrupted, files not attached to inode etc.
I can't find source of this. Fsck -c tells me that everything is ok.
Badblocks command - the same. Does anyone know what could happen and how can
I avoid it in future?

Second question: is it possible to determine type of packet when it doesn't
pass through firewall? I know that there is snort and other tools to do it,
but I've only figured how to determine packets after they are allowed by
kernel. 

Jaroslaw Postawa
[EMAIL PROTECTED]

PS. I'm not sure if it is the right list, but I think that my problem might
be caused by network attacks so I posted it here. I'll do the same on
debian-users in near future.

JP




RE: About virus scanners

2001-11-23 Thread Cantin, Eric
http://linuxtoday.com/news_story.php3?ltsn=2001-11-20-011-20-SC-HL-SV


-Original Message-
From: Alvin Oga [mailto:[EMAIL PROTECTED]
Sent: November 23, 2001 08:39
To: Laurent Luyckx
Cc: Dmitry N. Hramtsov; Jason Thomas; debian-security@lists.debian.org
Subject: Re: About virus scanners



hi ya

for the rest of the free anti-virus apps ( dozen or so )

http://www.linux-sec.net/Harden/server.gwif.html#Mail

c ya
alvin

On 23 Nov 2001, Laurent Luyckx wrote:

 On Fri, 2001-11-23 at 09:56, Dmitry N. Hramtsov wrote:
  
  How can I simply block all such attaches in Exim?
  
  As I know there are no special conditions embedded in Exim.
  And the only way to do it is to write your own filter
  which parse mail body for attaches.
  
  I think, it is not a good idea.
  Can you offer easier way?
 
 Have a look here: ftp://ftp.exim.org/pub/filter/system_filter.exim
 
  
  On Fri, 23 Nov 2001, Jason Thomas wrote:
  
   also you can choose to block all attachments or just some, like say
   exe,com,bat,lnk,pif etc.
  
   On Thu, Nov 22, 2001 at 07:00:06PM -0500, Alián Hernández Mateo wrote:
What can I do to avoid my mail server (Debian 2.2 r3) send or
receive
viruses?
Thanks a lot in advance.
Alian.





rogue Chinese crawler

2001-11-23 Thread Martin WHEELER
Is anyone else having problems with the robot from

 openfind.com.tw

-- an intrusive, irritating, hard-to-get-rid-of crawler that completely
paralyses my system *every day*?

Despite what I put in any robots.txt, this one disregards all rules and
just jams up my system, downloading every damn' thing in sight.
Mails to the owners are totally disregarded.

Anyone know of a sure-fire robot killer under woody?

Who should this thing be reported to to get it stopped?

TIA
-- 



Re: rogue Chinese crawler

2001-11-23 Thread Tim Haynes
Martin WHEELER [EMAIL PROTECTED] writes:

 Is anyone else having problems with the robot from
  openfind.com.tw
 -- an intrusive, irritating, hard-to-get-rid-of crawler that completely
 paralyses my system *every day*?

Nope. How does it paralyse you, anyway?

 Despite what I put in any robots.txt, this one disregards all rules and
 just jams up my system, downloading every damn' thing in sight. Mails to
 the owners are totally disregarded.
 
 Anyone know of a sure-fire robot killer under woody?

`iptables -s openfind.com.tw -j MIRROR' would be favourite.

 Who should this thing be reported to to get it stopped?

jason @ openfind.com.tw, according to whois. You might also consider
finding someone at seed.net.tw or even wcg.net, to drop a mail to.

~Tim
-- 
Sometimes you're the pigeon,|[EMAIL PROTECTED]
Sometimes you're the statue.|http://spodzone.org.uk/



Re: rogue Chinese crawler

2001-11-23 Thread Christoph Ulrich Scholler
On Fri, Nov 23, 2001 at 05:32:04PM + or thereabouts, Martin WHEELER wrote:
 Is anyone else having problems with the robot from
 
  openfind.com.tw
 ...
 Anyone know of a sure-fire robot killer under woody?

as a first recourse you could instruct your firewall to deny all access
from openfind.com.tw to your machine:80.

regards,

uLI



Re: rogue Chinese crawler

2001-11-23 Thread Hubert Chan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 Martin == Martin WHEELER [EMAIL PROTECTED] writes:

Martin Is anyone else having problems with the robot from
Martin openfind.com.tw

Martin -- an intrusive, irritating, hard-to-get-rid-of crawler that
Martin completely paralyses my system *every day*?

Martin Despite what I put in any robots.txt, this one disregards all
Martin rules and just jams up my system, downloading every damn' thing
Martin in sight.  Mails to the owners are totally disregarded.

Martin Anyone know of a sure-fire robot killer under woody?

iptables or ipchains.  Just drop all packets from it.

Martin Who should this thing be reported to to get it stopped?

# host openfind.com.tw
openfind.com.tw A   139.175.250.23
# whois 139.175.250.23
Institution for Information Industry (NET-SEED-NET)
   9F, No. 125, Song Jiang Road
   Taipei, 10472
   TW

   Netname: SEED-NET
   Netblock: 139.175.0.0 - 139.175.255.255

   Coordinator:
  Fan, C.K.  (CKF-ARIN)  [EMAIL PROTECTED]
  02-26966447 (FAX) 02-26963071

   Domain System inverse mapping provided by:

   DNS1.SEED.NET.TW   139.175.252.16
   DNS.SEED.NET.TW    139.175.55.244
   TCDNS.SEED.NET.TW  139.175.150.20
   KSDNS.SEED.NET.TW  139.175.10.20

   Record last updated on 19-Jan-2000.
   Database last updated on  22-Nov-2001 19:54:03 EDT.

The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.

- -- 
Hubert Chan [EMAIL PROTECTED] - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7/pZ4ZRhU33H9o38RAmTFAJ9it7inGbe6RaXQHEONjYjSAV2auwCghgDg
Blu+eowtuc3NKk00UjNv9Rc=
=4kBh
-END PGP SIGNATURE-



Re: rogue Chinese crawler

2001-11-23 Thread Christoph Moench-Tegeder
## Martin WHEELER ([EMAIL PROTECTED]):

 Is anyone else having problems with the robot from
  openfind.com.tw

That one has not been seen here.

 Anyone know of a sure-fire robot killer under woody?

Apache itself (assuming your web server runs Apache; other servers
should have something similar).
Just take mod_access and add a "deny from" line to the <Directory /> section
of your config.

Gruss,
cmt

-- 
Spare Space



Unidentified subject!

2001-11-23 Thread lucky
unsubscribe



Re: WAY OT (Re: In Praise of Dos (RE: Mutt tmp files))

2001-11-23 Thread Thomas Bushnell, BSG
Wichert Akkerman [EMAIL PROTECTED] writes:

 Previously Vineet Kumar wrote:
  
  So are please and thank you, but it's generally considered polite.
 
 Also using Mail-Followup-To is standard and expected behaviour on
 debian lists.

That's a reasonable requirement only when Debian adds support for
Mail-Followup-To in all the MUA's that it supports.



Re: WAY OT (Re: In Praise of Dos (RE: Mutt tmp files))

2001-11-23 Thread Christian Surchi
On Fri, Nov 23, 2001 at 12:38:29PM -0800, Thomas Bushnell, BSG wrote:
  Also using Mail-Followup-To is standard and expected behaviour on
  debian lists.
 
 That's a reasonable requirement only when Debian adds support for
 Mail-Followup-To in all the MUA's that it supports.

Do we *support* MUAs?

-- 
Christian Surchi, [EMAIL PROTECTED], [EMAIL PROTECTED] |   ICQ 
www.debian.org - www.softwarelibero.it - www.firenze.linux.it| 38374818
You will be advanced socially, without any special effort on your part.



Re: rogue Chinese crawler

2001-11-23 Thread Chris Wagner
The best way would be to block it at your router with an access list.
Blocking it at the box is ok too but that takes a little bit of your
resources.  And you have to do it on each box on your network you want
protected.  The router block will protect your entire network in one fell
swoop and cost your boxes no resources.

You can block just his ip address with a deny statement, or if he's scanning
from multiple ip's you can chunk his whole network.  But that ip
(139.175.250.23) is under a huge Seed-net /16.  You might end up blocking
legitimate traffic.  You can try to guess his local subnet mask and block
that, like a /27 or something.

On a related topic I've been receiving an enormous amount of spam coming
through Asian mx's.  Is there any effort underway to try and get these
people to lock down their networks?  We've got a bunch of rogue mailservers
over there.


At 05:32 PM 11/23/01 +, Martin WHEELER wrote:
Is anyone else having problems with the robot from

 openfind.com.tw

-- an intrusive, irritating, hard-to-get-rid-of crawler that completely
paralyses my system *every day*?

Despite what I put in any robots.txt, this one disregards all rules and
just jams up my system, downloading every damn' thing in sight.
Mails to the owners are totally disregarded.

Anyone know of a sure-fire robot killer under woody?

Who should this thing be reported to to get it stopped?




---=REMEMBER THE WORLD TRADE CENTER=---
___/`   WTC 911   `\___

0100
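
Rather than guessing the subnet mask, the block can be sized from the addresses actually seen in the web server log. The Python below is an added example, not part of this post: it finds the smallest prefix covering the heavy clients inside the whois netblock and lists which light clients a rule for that prefix, or for the whole /16, would also cut off. The log lines, the 100-request threshold and every address except 139.175.250.23 are constructed.

```python
import ipaddress
from collections import Counter

def clf(ip: str, n: int) -> str:
    """Build n constructed Common Log Format lines for one client address."""
    line = f'{ip} - - [23/Nov/2001:17:32:04 +0000] "GET /doc HTTP/1.0" 200 512\n'
    return line * n

# Constructed log. Only 139.175.250.23 comes from the thread; the second
# crawler address and both ordinary visitors are made up for the example.
SAMPLE_LOG = (clf("139.175.250.23", 400) + clf("139.175.250.9", 350)
              + clf("139.175.12.77", 3) + clf("192.0.2.10", 5))

def covering_prefix(addresses):
    """Smallest single network that contains every address in the list."""
    nets = [ipaddress.ip_network(a) for a in addresses]
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()  # widen by one bit and try again
    return net

def plan_block(log, netblock="139.175.0.0/16", threshold=100):
    """Derive a block prefix from heavy clients seen inside the whois netblock.

    Assumes the log records numeric client addresses. threshold (requests
    per client in this log) is an assumed cut-off.
    Returns None when no client in the netblock reaches it.
    """
    block = ipaddress.ip_network(netblock)
    hits = Counter(l.split()[0] for l in log.splitlines() if l.strip())
    seen = {ip: n for ip, n in hits.items() if ipaddress.ip_address(ip) in block}
    heavy = sorted(ip for ip, n in seen.items() if n >= threshold)
    if not heavy:
        return None
    prefix = covering_prefix(heavy)

    def bystanders(net):
        # Light clients that a DROP rule for this network would also cut off.
        return sorted(ip for ip, n in seen.items()
                      if n < threshold and ipaddress.ip_address(ip) in net)

    return {
        "prefix": str(prefix),
        "bystanders_in_prefix": bystanders(prefix),
        "bystanders_in_netblock": bystanders(block),
        "rule": f"iptables -A INPUT -s {prefix} -p tcp --dport 80 -j DROP",
    }

if __name__ == "__main__":
    print(plan_block(SAMPLE_LOG))
```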