On Sat, 2002-07-27 at 21:19, Thomas F. wrote: > Hello Jonathan, > > On 27 Jul 2002 17:21:59 -0500 GMT (28/07/02, 05:21 +0700 GMT), > Jonathan Angliss wrote: > > JA> And that'd just give the possibly infected user another email address to > JA> mail the virus too ;) > > Not necessarily. All those who get the info about the new address will > also be told the reason - that someone with the old address on his > computer keeps sending the Klez virus and all are asked to scan their > computers to see whether it's them.
The reason I said that was because somebody recently infected with the Yaha virus hit one of the sales accounts where I work with over 90 emails in a 10 minute period, talking with them on the phone, they refused to believe they were infected (despite evidence to the contrary such as email headers, paths, return addresses, mail logs etc), and decided not to take actions. I subsequently set sendmail to refuse mail from them with a nice message :) > JA> Either that, or get your sysadmin/isp to install a virus scanner > JA> on the mail server, and get it to drop the mail on the server :) > > Probably a good idea, which will work in a company environment but not > if you are connected to an ISP. Big time ISPs probably wouldn't touch the idea of trying to install a virus scanner on their services... too many legal issues, time consuming, and just another service that can go wrong for them. Plus there is the huge cost that would result in that kind of service for so many email addresses (most mail scanners change per seat/email account). > For illustration, I once sent a very angry email to my own ISP after I > had I complained that their public announcements (server down / > international link down / etc) were in text/html which I couldn't read > with the version of pine on their server and which opens when I telnet > into my account on port 23. Which is true, although I think the later versions of pine may be able to pull the plain text out of the HTML body, but still a pain. The unusual thing is they are sending those kinds of things in html, that personally would drive me mad. My current ISP is 'very good' about notifications, they mail out about 12 hours before they do anything, with one line most of the time ;) My last one was: "services will be intermittent between 04:30 and 05:30 tomorrow as we are working on our routers" That was it ;) > They recommended using Outlook. > > I didn't even notice that Outlook probably doesn't run under unix > (does it?), but apart from the fact that it was the pine version they > themselves had offered to me (and left me no choice when reading my > mail while travelling), I was so surprised that an ISP would recommend > the major virus distributor since the invention of the internet, that > I really bashed them. I wouldn't expect them to know how to set up > server-side virus protection and would always protect myself, even if > they said they have done so. Erm... Outlook doesn't run on Linux, let alone a terminal connection, as it is a GUI program. It has only 'recently' been ported to the Mac with Internet Explorer, and Office (aka Office 98). Small time ISPs may look into it if they get enough queries, but big time ISPs probably wouldn't even harbor the thought due to issues mentioned above. Setting up the virus scan on the mail servers I run was a case of about 3 commands due to the nice a simple setup developed by Sophos (a great UK based AV company). -- Jonathan Angliss ([EMAIL PROTECTED]) ________________________________________________________ Current Ver: 1.61 FAQ : http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://www.ritlabs.com/bt/