Message-Id: <200110291617.f9TGHsd04697@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
To: Peter Pentchev
Cc: Nils Holland, postmaster@daimi.au.dk, security@FreeBSD.ORG
Subject: Re: VIRUS IN YOUR MAIL
In-reply-to: Your message of "Mon, 29 Oct 2001 19:04:40 +0200." <20011029190440.A584@straylight.oblivion.bg>
Date: Mon, 29 Oct 2001 08:17:24 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

In message <20011029190440.A584@straylight.oblivion.bg>, Peter Pentchev writes:
> On Mon, Oct 29, 2001 at 04:58:06PM +0100, Nils Holland wrote:
> > On Mon, 29 Oct 2001 postmaster@daimi.au.dk wrote:
> >
> > > V I R U S  A L E R T
> > >
> > > Our viruschecker found the
> > >
> > > 'W32/Klez'
> > >
> > > virus(es) in your email to the following recipient(s):
> > >
> > > ->
> >
> > This is probably (no, definitely!) off-topic, but I have seen these damn
> > eMail virus scanners running havoc several times. If a virus gets sent to
> > a crowded mailing list, such warnings as the one above can occur *in the
> > hundreds* (yes, I have counted). Taking that into account, I thought that
> > eMail worms were so bad because when they spread themselves, they caused a
> > lot of network bandwidth to be used. Now, I wonder if there's any difference
> > in the bandwidth being used by the worm virus/worm spreading, or by the
> > virus scanners sending out their warning messages...
>
> The problem is not virus scanners per se, the problem is *broken* virus
> scanners which do not send their automated replies to the right address.
> They are supposed to honor the Return-Path in the message header, and
> send all automated replies to a special Majordomo alias (owner-listname),
> which swallows them and takes note of which subscriber sends the most
> of these. At some point, I think automatic unsubscription takes place,
> but even if it does not, mail sent to owner-listname does not reach
> the list.
>
> Now go explain all of this to the scanners' writers. Apparently,
> everyone who has tried so far has failed :(

I agree that there is no proactive way to resolve this; however, there is
a reactive approach that will resolve the recurring nature of the
problem, that being to put subscriber email addresses in the bounces
list until the problem is resolved. This may not be a P.C. solution but
I think it will work until a better solution is found.

Regards,                        Phone:  (250)387-8437
Cy Schubert                       Fax:  (250)387-5766
Team Leader, Sun/Alpha Team  Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD
Ministry of Management Services
Province of BC
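Added example, not part of the original message or of any scanner's or Majordomo's code: a sketch of the addressing rule discussed in this thread, where an automated alert goes to the envelope sender recorded in Return-Path (the owner-listname alias for list mail) rather than to addresses taken from the visible headers. The sample message, the subscriber address and the function names are constructed for illustration, and the header-based behaviour in `header_targets` is an assumption about how a broken scanner picks recipients.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a list-delivered message as a receiving scanner sees it.
SAMPLE = """\
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
From: Some Subscriber <subscriber@example.org>
To: security@FreeBSD.ORG
Cc: another@example.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
Subject: constructed example

body
"""


def notification_target(raw):
    """Address an automated alert should be sent to, or None to stay silent."""
    msg = message_from_string(raw)
    return_path = msg.get("Return-Path")
    if return_path is None:
        # No envelope sender recorded: do not fall back to From:/To:/Cc:.
        return None
    addr = parseaddr(return_path)[1]
    # "<>" is the null sender; answering it would create a mail loop.
    return addr.lower() or None


def header_targets(raw):
    """Assumed broken behaviour: every address found in From:/To:/Cc:."""
    msg = message_from_string(raw)
    fields = []
    for name in ("From", "To", "Cc"):
        fields.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


if __name__ == "__main__":
    print("correct target :", notification_target(SAMPLE))
    print("header targets :", sorted(header_targets(SAMPLE)))
```

With the constructed sample, the header-based recipients include the list posting address, which is how one alert fans out to every subscriber, while the Return-Path target is only the owner alias.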