Re: [swinog] New .exe virus in.zip file via mail
Hi all Regarding AV: have once a look on Palo Alto's "Trap" Very nice idea.. Grüessli rog > Am 16.04.2015 um 16:54 schrieb Mike Kellenberger > : > > Hi all > > I've been contacted by a couple of customers which caught a new virus in the > last few days, sent by e-mail in a .zip file containing an .exe. (yes, there > are still people out there who open these kind of attachments if they come > from a known address) > > The .zip file passes our AV on the mailserver (Kaspersky) as well as our > desktop AV (Symantec) with the newest definitions. > > Once infected, it spreads via e-mail (probably through the outlook e-mail > profile, it authenticates nicely against our mailserver anyway) blasting out > hundreds of mails in a single short session only to sleep again until the > next day... > > Has anybody else seen this? Is there a name or details or cure fo it yet? > > Regards, > > Mike > > -- > Mike Kellenberger | Escapenet GmbH > www.escapenet.ch > +41 52 235 0700/04 > Skype mikek70atwork > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Swinog BE132 ZRH
Hello all Since nobody will come to the Swinog BE, I will cancel the event. :( Thanks rog > Am 02.05.2014 um 19:39 schrieb Roger Buchwalder : > > SwiNOG-BE132 - Beer Event 132 @ Outback Lodge / ZH > > Dear SwiNOGers, > > Lets have fun! > > Details for the next event: > --- > Event:SwiNOG-BE132 - Beer Event 132 > > When?Monday, 5th May 2014 18:30 > > Where?Outback Lodge >Stadelhoferstrasse 18, 8001 Zürich > >http://www.outback-lodge.ch/outback-lodge-z%C3%BCrich.html >(GoogleMaps Link:http://goo.gl/maps/fGTpM) > > > > !! Please sign up if you're really coming - because the seats are limited! !! > > > --- > > Registration: > > Start:Friday, 2nd May 2014 - 19:25 > Stop:Monday, 5th May 2014 - 17:00 > > Reg-URL: http://swinog.be/ > > --- > > Since we have to make reservations, I need to know who's coming and who not. > If you can't attend and you're registered please inform me ASAP (+41 79 277 > 92 35). > > greetings > rog > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Swinog BE132 ZRH
SwiNOG-BE132 - Beer Event 132 @ Outback Lodge / ZH Dear SwiNOGers, Lets have fun! Details for the next event: --- Event:SwiNOG-BE132 - Beer Event 132 When?Monday, 5th May 2014 18:30 Where?Outback Lodge Stadelhoferstrasse 18, 8001 Zürich http://www.outback-lodge.ch/outback-lodge-z%C3%BCrich.html (GoogleMaps Link:http://goo.gl/maps/fGTpM) !! Please sign up if you're really coming - because the seats are limited! !! --- Registration: Start:Friday, 2nd May 2014 - 19:25 Stop:Monday, 5th May 2014 - 17:00 Reg-URL: http://swinog.be/ --- Since we have to make reservations, I need to know who's coming and who not. If you can't attend and you're registered please inform me ASAP (+41 79 277 92 35). greetings rog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Lösung für eine SMS-Notfallalarmierung und Statuswebseite
Hi Andy Wir verwenden diese Geräte: http://braintower.de/produkte-services/sms-gateway/ Grüsse rog > Am 17.04.2014 um 10:24 schrieb Andy Christen : > > Grüezi und hoi > > Wir suchen für unsere Firma eine Lösung für eine SMS-Notfallalarmierung. > Leider haben wir für diese Situation kein passendes öffentliches Angebot > finden können, > darum gelange ich an die Swinog-Mailingliste und hoffe, dass jemand von > Ihnen/euch > eine annähernd gleiche Lösung für sich selbst oder Kunden im Einsatz hat. > > Hier also die Anforderungen die wir haben: > Anforderungen: > Upload von Natelnummern auf ein Portal/Webseite mit Möglichkeit einer > Gruppierung der Einträge. > Versand von Info-/Status-SMS an die eingetragenen SMS-Gruppen per Webseite > (admin) und/oder SMS-Forward. > Status-Webseite öffentlich über dasselbe Portal einfach aufruf- und wartbar - > ev. Status mit SMS updatebar > Beispiel Inhalt Webseite/Statusseite: > 14.04.2014 09:54 E-Mail Service läuft wieder > 14.04.2014 08:01 E-Mail läuft nicht. Wir sind dran. > 01.04.2014 00:01 Kein Scherz: alle Systeme grün. > > Vielen Dank schon im voraus und allen schöne und wo möglich ruhige Ostertage. > > enGruess, Andy Christen > > -- > andreas.chris...@ergon.ch, +41 44 268 8927, > http://www.ergon.ch. > Ergon Informatik AG, Kleinstrasse 15, 8008 Zuerich, > Switzerland. > > e r g o nsmart people - smart software > > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Strafanklage gegen Schweizer Spamer
Hallo Xaver Eventuell wäre es gar nicht schlecht, wenn Du uns noch wissen lässt, um welche Mails es sich handelt. - Sender - Betreff - eventueller Inhalt Danke roger buchwalder > Am 03.10.2013 um 18:51 schrieb "Xaver Aerni" : > > Hallo zusammen, > Ich bin zur Zeit an einer Strafanzeige wegen versendung von Spams an folgende > Personen einzureichen: > Herrn Dr.Erb (ist leider Jurist, deshalb hat die Staatsanwaltschaft sehr > grosse Angst) sowie gegen die AntifeministenZeitung... Die Person bin ich > noch am Ermitteln, aber die Staatsanwaltschaft müsste wissen wer dahinter > steckt. > > Diese Leute nerven wegen den Spams besonders. Beim letzten Versuch konnte ich > nur 10 geschädigte der Staatsanwaltschaft geben. Darauf meinte die > Staatsanwaltschaft es ist nicht bewiesen dass ein Spam verschickt wurde. > Da ich aus Datenschutzgründen nicht einfach die Logfiles unserer Server > beilegen konnte, möchte ich, dass andere Betroffen mir eine Kopie von einer > dieser Mails mit Header zustellen. Das Ziel ist das ich der > Staatsanwaltschaft etwa 100 bis 1000 Mails übergeben kann. Ich denke dann > muss die Staaatsanwaltschaft eine Anzeige machen. > > Ich danke für Eure Mithilfe gegen Spam im Voraus. > Besten Dank und > Gruss > > Xaver Aerni > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] SwiNOG-BE120 - Beer Event 120 @ Rolli's Steakhouse, Kloten / ZH
Dear SwiNOGers, So, after having a lot of meat last time - almost vegetarian - , BE needs meat again ,) Detals for the next event: --- Event: SwiNOG-BE120 - Beer Event 120 When? Monday, 6th May 2013 18:30 Where? Rolli's Steakhouse, Kloten Gerbegasse 9, 8302 Kloten http://www.rollis-steakhouse.ch (GoogleMaps Link: http://goo.gl/maps/XouXp) !! Please sign up if you're really coming - because the seats are limited! !! --- Registration: Start: Friday, 3rd May 2013 - 14:45 Stop: Monday, 6th May 2013 - 09:00 Reg-URL: http://swinog.be/ --- Since we have to make reservations, I need to know who's coming and who not. If you can't attend and you're registered please inform me ASAP (+41794419373). greetings Roger Buchwalder ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] List policy discussion
Hi all how about to teach Spamassassin of mailinglist, to filter out some out-of-office messages and stuff? Yes, the problem is not solved on the roots, but the keeps mailinglist clean... rog Viktor Steinmann schrieb: > Hi all > > In the last months we've seen more and more end-user questions, > vacation-bounces, off-topic and spam-like mails on the list. > > Any suggestions how to keep the noise level low in the future? > > Kind regards, > Viktor > > > *From:* [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] *On Behalf Of *Roman Gischig > *Sent:* Dienstag, 23. September 2008 18:20 > *To:* swinog > *Subject:* [swinog] Check out my Facebook profile > > > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] UCEProtect Blacklist
Hi all I don't like these discussion about xy-Blacklists. The only one I can say is, never ever block/kill any Mails, who "hit" a Blacklist. No Blacklist is perfect! (or: why are there so many Blacklists?) It would like to be the same, if you will block any Mail with the word "killer"? then check: [ http://tel.search.ch/result.html?name=killer ] If you find any provider, who block/kill Mails, they is doing a big failure. You have to punch/slap them. rog Xaver Aerni schrieb: > Hello Per, > You must look. If you have clients by a Provider like Sunrise. (he is > listed). Than you have many false positve marked Mails. > Sunrise (Freesurf... etc.) Many people here in Switzerland has an > Account there. > > Is possible in the international Trafic you have less false positives. > But here in Switzerland is it possble till 30 % false possitives Mails. > > Greetings > Xaver > - Original Message - From: "Per Jessen" <[EMAIL PROTECTED]> > To: > Sent: Sunday, November 04, 2007 4:43 PM > Subject: Re: [swinog] UCEProtect Blacklist > > >> Peter Keel wrote: >> >>> * on the Sat, Nov 03, 2007 at 02:00:15PM +0100, Per Jessen wrote: I would be interested to know why you find UCEprotect to be unreliable and unprofessional? >>> >>> Because of their delisting-procedure. How many networks will end >>> up in there which have been sending spam at some time, but don't >>> ever sent spam since then, because their admins fixed the problem, >>> or the net got reassigned or whatever? >> >> UCEprotect level1 and -2 both include automatic delisting. Only level3 >> does not seem to have automatic delisting. >> >>> With UCEprotect, I estimate about 30% of their entries being >>> listed are such false positives, and this will of course raise >>> and raise.. >> >> I ran some stats on our traffic (we use UCEprotect 1,2,3) for all >> of october - false positives per level: >> >> level1 = 0.75% >> level2 = 2.06% >> level3 = 0.96% (we have been using level3 experimentally for the last >> third of october) >> >> false positive = non-spam email sent by levelX listed server. >> >> >> Per Jessen >> >> -- >> http://www.spamchek.com/ - your spam is our business. >> >> ___ >> swinog mailing list >> swinog@lists.swinog.ch >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog >> > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] spamhaus.org
Hi all I don't unterstand, why someone should trust any Blacklist/Spamlist/whatelse and delete some mail, who may probably hit one of thouse lists. _Never_ /dev/null any mail, only weighting them, and if the wieght is much, then move it to a spamfolder on the recipients maildir. [a] I don't unterstand spamhaus, why they don't contact the isp of those domains [b] I don't unterstand admins who trust any lists 100% (I _was_ one of them) [c] I don't unterstand why _Spam_haus take care about phishing (how about Phishinghaus?) nice weekend rog Matthias Hertzog schrieb: [1] = Bullshit [2] = No, we don't use ugly/useless/badly-maintained things like that. nic.at hat a "discussion" with them this week. Spamhaus listed their mailservers. What a "great" idea, to blacklist a registry. :-( Best wishes, Matthias _ mhs @ internet AG Zürcherstrasse 204, CH - 9014 St. Gallen Phone +41 71 274 93 93, Fax +41 71 274 93 94 http://www.mhs.ch _ - Original Message - From: "Andreas Anderson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 22, 2007 2:20 PM Subject: [swinog] spamhaus.org Hi Guys. any opinions on the game [1] that spamhaus.org is playing? Is there someone left who uses them to reject mails on smtp level? Regards, Andreas [1] http://www.heise.de/newsticker/meldung/91587 _ Live Search delivers results the way you like it. Try live.com now! http://www.live.com ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] to SPF or not to SPF
Hello Bernard That would be a nice solution, but explain that to a user... cheers rog Bernard Dugas schrieb: Bonjour, Norbert Bollow wrote: Use DomainKeys instead of SPF. DomainKeys serves the same purpose, but doesn't share the fundamental brokenness of SPF. And why not using the existing authentication protocol on outgoing smtp server ? So the sender can use the smtp server of the provider of its email address from any network and SPF can work without any problem. Did i forget anything ? Best regards, ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Mail Server suggestions
Hi Mike Between 2000 and 2004 my ISP used IMail. It was very easy to use, also those "plugin" against spam and virus was very nice. (till then, i don't know the linux-style aka spamassassin etc.) Some of these plugins created the same person, who made dnsstuff.com One of those guys is R. Scott Perry. But now, I guess the guys fron dnsstuff sold they're business to ipswitch... http://www.ipswitch.com/products/imail/index.asp But they changed a lot in the last time, don't know, if they are still good... Greets Rog Mike Kellenberger schrieb: We're looking around for a new mail server solution, since our mercur (www.atrium.de) server is just too unstable. Preferably it should run on windows (we're just not at home on the *nix platforms), have all it's config options in a sql database, provide anti-spam and anti-virus out of the box, have a feature-rich webmail client and be tailored for a small ISP. Our specs: ~700 Domains, ~4000 Users Thanks in advance for all your tips! Cheers, Mike ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Wasserschaden
Hello Just got the newest Pic's from the broken pipes... http://roger.buchwalder.com/brokenpipe.php (Sorry, very bad quality of the Pic's...) greez rog Rudolphi schrieb: > > Hallo, hat jemand nähere Inforrmationen darüber, wie es im TIX aussieht? > Lässt sich abschätzen, wie lange der Ausfall dauern wird? > > > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ISDN Layer 2 Problem
Hello Beat I remember, we had also some problems with ZyXEL-ISDN-Routers. We call then to the Swisscom, they may put the Layer 2 always to "on"-state. Maybe it helps? rog Beat Rubischon schrieb: Hello! Am 03.03.05 schrieb Beat Rubischon: I'm trying to configure a ISDN backup link on a Cisco. First, thanks a lot for your ideas. I have now debugged a lot and my results are the following: - It's not a problem in the wiring or termination. - Dial-Out is possible when Layer 2 is in state "MULTIPLE_FRAME_ESTABLISHED" (aka an running call) or "NOT Activated" (not initialized yet) - Dial-Out is not possible when Layer 2 is in state "TEI_ASSIGNED", debugging shows that the communication simple times out. I assume now a bug in the IOS - 12.3(8)YA [1] is an early deployment release. I hope to get my service contract soon to access other images. [1] http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/prod_bulletin0900aecd80157bb5.html A disconnect of the S-Bus resets the Layer 2 and with the setting "isdn tei-negotiation first-call" no new TEI is allocated. So I will try to switch off Layer 1 - each time Swisscom shuts down Layer 1, my BRI would be resetted :-) May be someone has another idea. I have put the config and a logfile on [2]. [2] http://www.rubis.ch/isdn/ Beat ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
