Re: Virus Flood to LSM list

From: Russell Coker (russellat_private)
Date: Tue Sep 02 2003 - 23:21:40 PDT

    On Wed, 3 Sep 2003 14:39, Crispin Cowan wrote:
    > John S. Wolter wrote:
    > > I've been receiving a flood of EMail with a virus removed and addressed
    > > to the list.   Do you think the list is under deliberate attack?
    >
    > I doubt that. I'm receiving zillions of Sobig.F virus posts from all
    > sorts of addresses, not just LSM. There is a major storm going on.
    >
    > On one hand, it is not surprising that the LSM list is getting a lot of
    > Sobig.F traffic, because a lot of people will have our address in their
    > address book, and that is how modern viruses work.
    >
    > On the other hand, it is rather depressing how many of our subscribers
    > apparently use Outlook as a mail client.
    >
    > *Hint*: if you see a virus post to LSM, and you recognize the "From"
    > address as one of your pals, then *you* are probably the infected party
    > and you need to clean it up.
    
    When virus messages go to the list please make the messages be bounced at 
    source (SMTP 550 code), silently discarded by a virus filter, or sent to the 
    list unmodified.
    
    The most annoying thing you can do is to mangle a virus such that anti-virus 
    software doesn't recognise it and then send it on.  My mailbox is protected 
    with amavis and I don't get the virus, but I do get mangled virus messages 
    such as from this list.
    
    > >   Is there anything the list managers can do to eliminate the problem
    > > EMails?  If this continues I will be forced to unsubscribe, too bad.
    >
    > Not without pissing off a whole lot of other people who would
    > unsubscribe if we started putting ham-handed filters on the list. I
    > thought of filtering for the obvious subject lines that Sobig sends, but
    > the subject lines are too short and generic, so such a filter has a
    > significant chance of trapping legitimate posts.
    
    So make the messages with matching subjects be moderated.  This procedure 
    works very well for the SE Linux list and could work just as well for the LSM 
    list.
    
    But the best thing to do is just have anti-virus software installed and kept 
    up to date.
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


