Say such a milter could strip off attachments, replacing them
with a URL in the email that will allow the recipient to
download them if they prove clean. It's not an instant
gratification, but it'll let you distribute the scanning
About 5-6 yrs ago I wrote a system for a customer that
On Sat, 28 Feb 2004, Todd Vierling wrote:
On Fri, 27 Feb 2004, Stephen Milton wrote:
Yah, Bagle.C is the notation used by F-Secure. This is indeed what it
was.
It's annoying how easily these things spread even though they don't rely on
a specific OS vulnerability -- hell, it's an
On Mon, 1 Mar 2004, Curtis Maurand wrote:
: It's annoying how easily these things spread even though they don't rely on
: a specific OS vulnerability -- hell, it's an executable *in a zipfile*, so
: it requires opening the zipfile and then running the program inside it. Of
: course
Todd Vierling wrote:
It's as if the modern e-mail viruses are closer to human infections. Only
the clueful are immune. 8-)
I would agree if you had written ... At most the clueful are
immune. %^)
On Mon, 1 Mar 2004, Todd Vierling wrote:
On Mon, 1 Mar 2004, Curtis Maurand wrote:
: Sure they do. It's called COM/DCOM/OLE/ActiveX or whatever they
: want to call it this week. It's on every Windows system.
No, my point was that the majority of newer trojan mail viruses don't depend
Curtis Maurand wrote:
On Mon, 1 Mar 2004, Todd Vierling wrote:
On Mon, 1 Mar 2004, Curtis Maurand wrote:
Sure they do. It's called COM/DCOM/OLE/ActiveX or whatever they
want to call it this week. It's on every Windows system.
No, my point was that the majority of newer trojan mail
Vierling [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, March 01, 2004 10:06
Subject: Re: Possibly yet another MS mail worm
Curtis Maurand wrote:
On Mon, 1 Mar 2004, Todd Vierling wrote:
On Mon, 1 Mar 2004, Curtis Maurand wrote:
Sure they do. It's called COM/DCOM/OLE/ActiveX
John Palmer wrote:
In this case, it is the IDIOT users. You tell them time and time again
DON'T CLICK ON ATTACHMENTS
UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS YOU IN ADVANCE THEY ARE
SENDING IT.
Just telling people "Don't do that, it's bad." is sure to fail for the
same reason you
On Mon, 01 Mar 2004 11:14:37 CST, John Palmer [EMAIL PROTECTED] said:
In this case, it is the IDIOT users. You tell them time and time again DON'T CLICK
ON ATTACHMENTS
UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS YOU IN ADVANCE THEY ARE
SENDING IT.
CM Kornbluth wrote The Marching Morons
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Curtis Maurand
Sent: March 1, 2004 10:38 AM
To: Todd Vierling
Cc: [EMAIL PROTECTED]
Subject: Re: Possibly yet another MS mail worm
My point is that the COM/DCOM/OLE/ActiveX is what allows
You wrote:
In this case, it is the IDIOT users. You tell them time and time again DON'T
CLICK ON ATTACHMENTS
UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS YOU IN ADVANCE THEY ARE
SENDING IT.
If you do something again and again and again and it fails again and
again and again you need to
Everyday there is a new, news article on this and every day everyone panics and everyday some one says tell the government to make a law, it is time to realize that no law is going to do anything for anyone soon. In the past we just took care of the problem
On Mon, 01 Mar 2004 10:35:05 PST, Henry Linneweh [EMAIL PROTECTED] said:
Everyday there is a new, news article on this and every day everyone
panics and everyday some one says tell the government to make a law, it is time
to realize that no law is going to do anything for anyone soon. In the
- Original Message -
From: [EMAIL PROTECTED]
To: Henry Linneweh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, March 01, 2004 12:59
Subject: Re: Possibly yet another MS mail worm
On Mon, 01 Mar 2004 10:35:05 PST, Henry Linneweh [EMAIL PROTECTED] said:
Everyday there is a new
Maurand [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, March 01, 2004 6:32 AM
Subject: Re: Possibly yet another MS mail worm
On Mon, 1 Mar 2004, Curtis Maurand wrote:
: It's annoying how easily these things spread even though they don't rely on
: a specific OS vulnerability -- hell, it's
I believe the point is, your mail scanner should be able to
scan something as simple as zip compressed attachments. If
it can't, you may want to rethink which program you use.
Most open source and commercial scanners can scan inside zip
files.
mike
On Sat, 28 Feb 2004, Rubens Kuhl Jr. wrote:
.
Rubens
- Original Message -
From: Michael Wiacek [EMAIL PROTECTED]
To: Rubens Kuhl Jr. [EMAIL PROTECTED]
Cc: Todd Vierling [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, February 29, 2004 11:16 PM
Subject: Re: Possibly yet another MS mail worm
I believe the point is, your mail scanner
I'm not aware of any mail scanner that does this without running an external
anti-virus or something alike, although it is not that intensive to follow the
zip headers (as they already do with the MIME headers in order to drop
external attachments). Most scanners can accept an anti-virus
so would a milter for sendmail that strips off attachments, queues
them for decompression and scanning at a later time be more useful?
Say such a milter could strip off attachments, replacing them with
a URL in the email that will allow the recipient to download them
if they prove clean. It's not
On Fri, 27 Feb 2004, Stephen Milton wrote:
: Yes, I got that one too. To my peering alias by coincidence. ClamAV
: identifies it as Worm.Bagle.A2. ClamAV added it to the database today,
: and mentioned that it was not in most signature databases yet.
Yah, Bagle.C is the notation used by
It's annoying how easily these things spread even though they don't rely on
a specific OS vulnerability -- hell, it's an executable *in a zipfile*, so
it requires opening the zipfile and then running the program inside it. Of
course everyone will run it, even though it's named dygfwefuih.exe
This one may be a variant of the recent worms. It's spreading by way of
zipfile attachments. I don't have more info yet, but my $orkplace has just
been hit by it and it's unknown to McAfee and Symantec at this time.
It's not W32.Netsky, as best I can tell, because of the attachment filename:
Yes, I got that one too. To my peering alias by coincidence. ClamAV
identifies it as Worm.Bagle.A2. ClamAV added it to the database today,
and mentioned that it was not in most signature databases yet.
On Fri, Feb 27, 2004 at 07:12:42PM -0500, Todd Vierling wrote:
This one may be a variant of