Re: Virus Flood to LSM list

From: Crispin Cowan (crispinat_private)
Date: Tue Sep 02 2003 - 21:39:33 PDT

    John S. Wolter wrote:
    
    > I've been receiving a flood of EMail with a virus removed and addressed 
    > to the list.   Do you think the list is under deliberate attack?
    
    I doubt that. I'm receiving zillions of Sobig.F virus posts from all 
    sorts of addresses, not just LSM. There is a major storm going on.
    
    On one hand, it is not surprising that the LSM list is getting a lot of 
    Sobig.F traffic, because a lot of people will have our address in their 
    address book, and that is how modern viruses work.
    
    On the other hand, it is rather depressing how many of our subscribers 
    apparently use Outlook as a mail client.
    
    *Hint*: if you see a virus post to LSM, and you recognize the "From" 
    address as one of your pals, then *you* are probably the infected party 
    and you need to clean it up.
    
    >   Is there anything the list managers can do to eliminate the problem 
    > EMails?  If this continues I will be forced to unsubscribe, too bad. 
    
    Not without pissing off a whole lot of other people who would 
    unsubscribe if we started putting ham-handed filters on the list. I 
    thought of filtering for the obvious subject lines that Sobig sends, but 
    the subject lines are too short and generic, so such a filter has a 
    significant chance of trapping legitimate posts.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Sep 02 2003 - 21:46:17 PDT