Andrew Plato wrote:

>Well, if the from address was consistently big@private you could filter
>it out via a mail proxy or anti-spam system. However, since the address
>may change that probably isn't possible.
>

On the one hand, I agree with Andrew: it is normal for viruses to morph the forged e-mail address, usually to one of the addresses in the victim's address book.

On the other hand, I have received a *lot* of e-mail from big@private in the last 48 hours, so it may be the case that Sobig.A is not smart enough to do that. Not all virus writers are evil geniuses. Some of them are just evil wankers :-)

If Sobig.A is doing something that simple & predictable, I'm surprised that it is spreading as fast as it is.

>Basically you would need some
>kind of reactive and dynamic filtering product that sits before your
>mail server. Trend Micro has a virus wall product that can drop emails
>that contain known intrusions.
>

And now you can buy that Trend e-mail virus filter as a turn-key server solution on an Immunix system and HP hardware
http://www.compaq.com/products/servers/solutions/iis/index.html

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
Just say ".Nyet"

This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 18:27:39 PST