On Tue, Sep 02, 2003 at 09:39:33PM -0700, Crispin Cowan wrote:
> John S. Wolter wrote:
>
> >I've been receiving a flood of EMail with a virus removed and addressed
> >to the list. Do you think the list is under deliberate attack?
>
> I doubt that. I'm receiving zillions of Sobig.F virus posts from all
> sorts of addresses, not just LSM. There is a major storm going on.

Yes, I don't believe the list is under any more attack than the rest of
the internet.

> > Is there anything the list managers can do to eliminate the problem
> >EMails? If this continues I will be forced to unsubscribe, too bad.
>
> Not without pissing off a whole lot of other people who would
> unsubscribe if we started putting ham-handed filters on the list. I
> thought of filtering for the obvious subject lines that Sobig sends, but
> the subject lines are too short and generic, so such a filter has a
> significant chance of trapping legitimate posts.

However, spamassassin is able to correctly identify such posts as
containing Microsoft executables, but the list server's default score
for such was too low to make the spamassassin threshold, which is what
we use to moderate on. I have a request into the server's admin to up
the score, and until that is in place, I've put in a filtering regexp
that looks for the spamassassin notation marking it as an executable.
It appears to be working, as it's trapped two copies of SoBig while I
was composing this email.

My apologies to the list for not realizing that this was happening
earlier; I had a locally modified spamassassin configuration that was
trapping the messages sent to me from the list.

Thanks for your patience, and again, my apologies to the list.

-- 
Steve Beattie                   Don't trust programmers?
<steveat_private>               Complete StackGuard distro at
http://NxNW.org/~steve/         immunix.org
http://www.sardonix.org -- Audit code, earn respect.
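Added example, not part of the original post and not the list server's actual filter: a moderation check of the kind described above, which holds a post when SpamAssassin has tagged it as carrying an executable even though the total score is below the threshold. The rule name `MICROSOFT_EXECUTABLE`, the header layout and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed name of the SpamAssassin test that marks an attached executable.
EXECUTABLE_TEST = "MICROSOFT_EXECUTABLE"

def spam_status(raw_message):
    """Return (score, required, tests) from X-Spam-Status, or None if absent."""
    raw = message_from_string(raw_message).get("X-Spam-Status")
    if raw is None:
        return None
    # Unfold continuation lines and rejoin a test list split after a comma.
    flat = re.sub(r",\s+", ",", " ".join(str(raw).split()))
    score = re.search(r"\b(?:hits|score)=(-?[\d.]+) required=(-?[\d.]+)", flat)
    tests = re.search(r"\btests=(\S*)", flat)
    if score is None:
        return None
    names = set(filter(None, tests.group(1).split(","))) if tests else set()
    return float(score.group(1)), float(score.group(2)), names

def moderate(raw_message):
    """Return 'hold' (send to a moderator) or 'pass' for one raw message."""
    status = spam_status(raw_message)
    if status is None:
        return "hold"  # assumption: unscanned mail is not auto-approved
    score, required, tests = status
    # Normal path: score reached the threshold. Interim path: the executable
    # test fired but its score alone was too low to reach the threshold.
    if score >= required or EXECUTABLE_TEST in tests:
        return "hold"
    return "pass"

# Constructed sample: executable attachment, score below the threshold.
SOBIG_LIKE = (
    "From: someone@example.org\n"
    "Subject: Re: Details\n"
    "X-Spam-Status: No, hits=3.2 required=5.0\n"
    "\ttests=NO_REAL_NAME,\n"
    "\tMICROSOFT_EXECUTABLE version=2.55\n"
    "\n"
    "See the attached file for details\n"
)
# Constructed sample: legitimate post with the same short, generic subject.
LEGIT = (
    "From: poster@example.org\n"
    "Subject: Re: Details\n"
    "X-Spam-Status: No, hits=0.4 required=5.0 tests=NO_REAL_NAME version=2.55\n"
    "\n"
    "Here are the details on the hook placement we discussed.\n"
)

if __name__ == "__main__":
    print(moderate(SOBIG_LIKE), moderate(LEGIT))
```

Both samples share a subject line, so a subject-based filter could not tell them apart, while the header-based check holds only the first.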
This archive was generated by hypermail 2b30 : Tue Sep 02 2003 - 23:59:04 PDT