Date: Mon, 29 Oct 2001 19:04:40 +0200 From: Peter Pentchev <roam@ringlet.net> To: Nils Holland <nils@tisys.org> Cc: postmaster@daimi.au.dk, security@FreeBSD.ORG Subject: Re: VIRUS IN YOUR MAIL Message-ID: <20011029190440.A584@straylight.oblivion.bg> In-Reply-To: <20011029165515.L869-100000@jodie.ncptiddische.net>; from nils@tisys.org on Mon, Oct 29, 2001 at 04:58:06PM %2B0100 References: <200110291510.f9TFAuo25848@horse10.daimi.au.dk> <20011029165515.L869-100000@jodie.ncptiddische.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 29, 2001 at 04:58:06PM +0100, Nils Holland wrote: > On Mon, 29 Oct 2001 postmaster@daimi.au.dk wrote: > > > V I R U S A L E R T > > > > Our viruschecker found the > > > > 'W32/Klez' > > > > virus(es) in your email to the following recipient(s): > > > > -> <FARRET@DAIMI.AU.DK> > > This is probably (no, definately!) off-topic, but I have seen these damn > eMail virus scanners running havoc several times. If a virus gets send to > a crowsed mailing lists, such warnings as the one above can occur *in the > hundreds* (yes, I have counted). taking that into account, I thought that > eMail worms were so bad because when they spread themselves, they caused a > lot of network badwith to be used. Now, I wonder if there's any difference > in the badwidth being used by the worm virus/worm spreading, or by the > virus scanners sending out their warning messages... The problem is not virus scanners per se, the problem is *broken* virus scanners which do not send their automated replies to the right address. They are supposed to honor the Return-Path in the message header, and send all automated replies to a special Majordomo alias (owner-listname), which swallows them and takes note of which subscriber sends the most of these. At some point, I think automatic unsubscription takes place, but even if it does not, mail sent to owner-listname does not reach the list. Now go explain all of this to the scanners' writers. Apparently, everyone who has tried so far has failed :( G'luck, Peter -- If this sentence didn't exist, somebody would have invented it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011029190440.A584>