From owner-freebsd-security Mon Mar 29 15:45:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 3790E14FD0 for ; Mon, 29 Mar 1999 15:45:18 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id QAA03094; Mon, 29 Mar 1999 16:44:53 -0700 (MST) Message-Id: <4.2.0.32.19990329164244.04553770@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.32 (Beta) Date: Mon, 29 Mar 1999 16:44:42 -0700 To: Igor Roshchin From: Brett Glass Subject: Re: Virus Announcements Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <199903292324.RAA07912@alecto.physics.uiuc.edu> References: <4.2.0.32.19990329155900.00a557c0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sendmail's filtering is quite limited compared to that of Procmail. And the "quick fix" posted by Sendmail, Inc. is trivial to defeat. We've installed both, and the Procmail filters are catching lots more suspicious traffic. --Brett At 05:24 PM 3/29/99 -0600, Igor Roshchin wrote: >If you are talking about using FreeBSD to filter Melissa virus >(and some similar virus), you might consider tweaking the rulesets for >sendmail. > >I haven't tried installing that ruleset, >but the CERT advisory recommended: > > >III. Solutions > > * Block messages with the signature of this virus at your mail transfer > agents. > > With Sendmail > > Nick Christenson of sendmail.com provided information about > configuring sendmail to filter out messages that may contain the > Melissa virus. This information is available from the follow URL: > ftp://ftp.cert.org/pub/cert_advisories/Patches/CA-99-04-sendmail-m > elissa-filter.txt > > >Since sendmail is the default MTA in FreeBSD, this might be more universal >to the general public (compared to procmail's rules/patches). > >IgoR > > >PS. I agree that this list should contain only FreeBSD-related >(or potentially related) issues. >Other issues are important, but there are other lists for them - >e.g. BUGTRAQ .. > >> OK, here's something FreeBSD-specific we ought to do. Let's make >> up a FreeBSD package that installs John Hardin's e-mail sanitizing >> filters with some sane default settings that kill the Melissa virus. >> >> John's filters can be found at >> >> ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-kit.html >> >> All we need to do is tweak the paths for FreeBSD, bring in >> procmail as a dependency, and tell the user how to configure >> Sendmail to use procmail as the local delivery agent. >> >> This would be something that could be touted as an advantage of >> using FreeBSD as a mail server. >> >> Of course, I'll probably be told that this is a bad idea because >> Jordan didn't think of it. >> >> --Brett Glass >> >> >> At 01:47 PM 3/29/99 -0800, patl@phoenix.volant.org wrote: >> >> And mind you, the two of you may sit in your own private heavens, >> >> but many of the rest of us work in the real world. This particular >> >> outbreak seems to warrant the original email. >> > >> >If by 'the real world' you mean an environment where you need to >> >worry about virii that infect Windows, M$ Word documents, Excell >> >spreadsheets, etc.; then you should be subscribed to one or more >> >lists dedicated to those topics. Let's keep this list FreeBSD >> >specific, please. >> > >> > >> > >> >-Pat >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-security" in the body of the message >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message >> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message