Date: Mon, 29 Oct 2001 08:17:24 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Peter Pentchev <roam@ringlet.net> Cc: Nils Holland <nils@tisys.org>, postmaster@daimi.au.dk, security@FreeBSD.ORG Subject: Re: VIRUS IN YOUR MAIL Message-ID: <200110291617.f9TGHsd04697@cwsys.cwsent.com> In-Reply-To: Your message of "Mon, 29 Oct 2001 19:04:40 %2B0200." <20011029190440.A584@straylight.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20011029190440.A584@straylight.oblivion.bg>, Peter Pentchev writes: > On Mon, Oct 29, 2001 at 04:58:06PM +0100, Nils Holland wrote: > > On Mon, 29 Oct 2001 postmaster@daimi.au.dk wrote: > > > > > V I R U S A L E R T > > > > > > Our viruschecker found the > > > > > > 'W32/Klez' > > > > > > virus(es) in your email to the following recipient(s): > > > > > > -> <FARRET@DAIMI.AU.DK> > > > > This is probably (no, definately!) off-topic, but I have seen these damn > > eMail virus scanners running havoc several times. If a virus gets send to > > a crowsed mailing lists, such warnings as the one above can occur *in the > > hundreds* (yes, I have counted). taking that into account, I thought that > > eMail worms were so bad because when they spread themselves, they caused a > > lot of network badwith to be used. Now, I wonder if there's any difference > > in the badwidth being used by the worm virus/worm spreading, or by the > > virus scanners sending out their warning messages... > > The problem is not virus scanners per se, the problem is *broken* virus > scanners which do not send their automated replies to the right address. > They are supposed to honor the Return-Path in the message header, and > send all automated replies to a special Majordomo alias (owner-listname), > which swallows them and takes note of which subscriber sends the most > of these. At some point, I think automatic unsubscription takes place, > but even if it does not, mail sent to owner-listname does not reach > the list. > > Now go explain all of this to the scanners' writers. Apparently, > everyone who has tried so far has failed :( I agree that there is no proactive way to resolve this, however there is a reactive approach that will resolve the recurring nature of the problem, that being to put subscriber email addresses in the bounces list until the problem is resolved. This may not be a P.C. solution but I think it will work until a better solution is found. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110291617.f9TGHsd04697>