From owner-freebsd-security  Tue Dec  4 17:35:40 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75])
	by hub.freebsd.org (Postfix) with ESMTP id 62B1537B41B
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 17:35:31 -0800 (PST)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 833FE16B1C
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 02:35:29 +0100 (CET)
Received: from IBM-HIRXKN66F0W.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP
  (SMTPD32-6.06) id AD3237350274; Wed, 05 Dec 2001 02:49:38 +0100
Message-Id: <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com>
X-Sender: LConrad@Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 04 Dec 2001 19:34:31 -0600
To: freebsd-security@freebsd.org
From: Len Conrad <LConrad@Go2France.com>
Subject: Re: Mail list is posting gone virus!!!!
In-Reply-To: <4.3.2.7.2.20011204172959.04d112e0@localhost>
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com>
 <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


>Also no excuse. Our heuristic checker caught the very first copy
>(See http://www.brettglass.com/spam/paper.html) and would run
>just fine on the FreeBSD mail servers.

the freebsd hubs run postfix, afaik, which can block on single and double 
file extensions, like .scr, .doc.scr.  Our FreeBSD AV box sees no BadTrans 
or  Goner because the postfix front-ends reject them as attachments.

For volumes, here's FreeBSD + Kaspersky for Tue through first 20 hours:

Grand Totals
------------
messages

  352086   received
  386330   delivered
       5   forwarded
       1   deferred  (1  deferrals)
   16844   bounced
      47   rejected

    6288m  bytes received
    7786m  bytes delivered
   63730   senders
   10594   sending hosts/domains
   45609   recipients
    6828   recipient hosts/domains

giving:

       1 Infected with I-Worm.Magistr.b.poly
       1 Infected with Macro.Word97.Sattelite.b
       1 Infected with from=bounce-members-68677@lists.naela.org
       1 Infected with from=info@kalistaderm.com
       1 Infected with from=bounce-members-67997@lists.naela.org
       1 Infected with Macro.Word97.Ethan
       1 Infected with I-Worm.Hybris.f
       1 Infected with I-Worm.Hybris.c
       3 Infected with I-Worm.Magistr.a.poly
       3 Infected with I-Worm.KakWorm
       3 Infected with from=emailtesting@gfi.com
       6 Infected with I-Worm.Badtrans
       7 Infected with Win32.FunLove.4070
       8 Infected with I-Worm.MTX
      34 Infected with I-Worm.Hybris.b
      99 Infected with I-Worm.Magistr.a
     101 Infected with I-Worm.Magistr.b
     281 Infected with I-Worm.BadtransII
     522 Infected with I-Worm.Sircam.c
     582 Infected with I-Worm.Goner

    1657 TOTAL

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message