Re: Virus Flood to LSM list

From: Russell Coker (russellat_private)
Date: Tue Sep 02 2003 - 23:21:40 PDT

  • Next message: rgoochat_private: "Re: Thank you!"

    On Wed, 3 Sep 2003 14:39, Crispin Cowan wrote:
    > John S. Wolter wrote:
    > > I've been receiving an flood EMail with a virus removed and addressed
    > > to the list.   Do you think the list is under deliberate attack?
    > I doubt that. I'm receiving zillions of Sobig.F virus posts from all
    > sorts of addresses, not just LSM. There is a major storm going on.
    > On one hand, it is not surprising that the LSM list is getting a lot of
    > Sobig.F traffic, because a lot of people will have our address in their
    > address book, and that is how modern viruses work.
    > On the other hand, it is rather depressing how many of our subscribers
    > apparently use Outlook as a mail client.
    > *Hint*: if you see a virus post to LSM, and you recognize the "From"
    > address as one of your pals, then *you* are probably the infected party
    > and you need to clean it up.
    When virus messages go to the list please make the messages be bounced at 
    source (SMTP 550 code), silently discarded by a virus filter, or sent to the 
    list unmodified.
    The most annoying thing you can do is to mangle a virus such that anti-virus 
    software doesn't recognise it and then send it on.  My mailbox is protected 
    with amavis and I don't get the virus, but I do get mangled virus messages 
    such as from this list.
    > >   Is there anything the list managers can do to eliminate the problem
    > > EMails?  If this continues I will be forced to unsubscribe, too bad.
    > Not without pissing off a whole lot of other people who would
    > unsubscribe if we started putting ham-handed filters on the list. I
    > thought of filtering for the obvious subject lines that Sobig sends, but
    > the subject lines are too short and generic, so such a filter has a
    > significant chance of trapping legitimate posts.
    So make the messages with matching subjects be moderated.  This proceedure 
    works very well for the SE Linux list and could work just as well for the LSM 
    But the best thing to do is just have anti-virus software installed and kept 
    up to date.
    --   My NSA Security Enhanced Linux packages  Bonnie++ hard drive benchmark    Postal SMTP/POP benchmark  My home page
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Tue Sep 02 2003 - 23:59:14 PDT