RE: CRIME WORM_Sobig.A blocked but dealing with the residual address...

• Previous message: Andrew Plato: "RE: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• In reply to: Andrew Plato: "RE: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• Next in thread: Crispin Cowan: "Re: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• Next in thread: Andrew Plato: "RE: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 20 Jan 2003, Andrew Plato wrote:

> Well, if the from address was consistently big@private you could filter
> it out via a mail proxy or anti-spam system. However, since the address
> may change that probably isn't possible. Basically you would need some
> kind of reactive and dynamic filtering product that sits before your
> mail server. Trend Micro has a virus wall product that can drop emails
> that contain known intrusions. Other in-line prevention systems like
> attack mittigator from Top Layer would have that capability as well. 

Any reasonably up to date virus mail scanner should be able to find that 
one.  It is only one of many exploiting the worm propagation device that 
is Outlook.

• Next message: Todd Ellner: "CRIME Hope this isn't too spammish"
• Previous message: Andrew Plato: "RE: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• In reply to: Andrew Plato: "RE: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• Next in thread: Crispin Cowan: "Re: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• Next in thread: Andrew Plato: "RE: CRIME WORM_Sobig.A blocked but dealing with the residual address..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 16:46:58 PST