Date:      Mon, 29 Mar 1999 18:09:45 -0700
From:      Brett Glass <brett@lariat.org>
To:        Laurence Berland <stuyman@confusion.net>, security@freebsd.org
Subject:   Re: Virus Announcements
Message-ID:  <4.2.0.32.19990329175542.00c88430@localhost>
In-Reply-To: <37001F1B.C2B92D74@confusion.net>
References:  <4.2.0.32.19990329155900.00a557c0@localhost> <4.2.0.32.19990329164244.04553770@localhost>

Most of my day is spent helping Windows users. Most would be totally lost
if confronted with a shell prompt. In fact, the majority do not even know the 
names of the user interface elements they manipulate on their screens. ("Do
you see a dialogue box in front of you?" "No, there's a window there, but my
computer isn't saying anything.")

One of the ways I help those users is to keep the UNIX server in the back room
running smoothly. If they're going to be running a seriously buggy and
crash-prone desktop OS, the mission-critical data and functionality need to
stay on a reliable server.

I was probably one of the first few people to analyze the Melissa virus,
characterize its behavior, and specify filters for it. The best server-side
filter I've seen so far is the one I asked John Hardin to add to his procmail
security scripts. It won't catch every conceivable variation, but it's a good
first line of defense. You can then install virus checkers, get rid of Microsoft
Word and Excel, and install Corel WordPerfect Office.

Alas, there's no native version of WP Office for FreeBSD.

In the meantime, who here knows the arcana of how to build a package? I've looked
at the innards of a couple of tarballs but have no idea how to specify dependencies,
pop up a message to tell the user what to do next, test for the right version of
Perl (you need Perl5 and some FreeBSD users have Perl4), etc. There don't seem
to be any docs.

--Brett

--

At 07:47 PM 3/29/99 -0500, Laurence Berland wrote:
>Just read something about Melissa on ZDNet, scanning it to see if it's dumbed
>down enough to be read by my computer-illiterate parents.  And what do I see at
>the bottom?  That Brett Glass contributed to the article.  That makes me happy.
>I'm glad to see that people from BSD help out Windows users, as silly as they may
>be.  Congrats Brett.
>
>Brett Glass wrote:
>
>> Sendmail's filtering is quite limited compared to that of Procmail. And
>> the "quick fix" posted by Sendmail, Inc. is trivial to defeat. We've
>> installed both, and the Procmail filters are catching lots more suspicious
>> traffic.
>>
>> --Brett
>>
>> At 05:24 PM 3/29/99 -0600, Igor Roshchin wrote:
>> >If you are talking about using FreeBSD to filter Melissa virus
>> >(and some similar virus), you might consider tweaking the rulesets for
>> >sendmail.
>> >
>> >I haven't tried installing that ruleset,
>> >but the CERT advisory recommended:
>> >
>> ><quote>
>> >III. Solutions
>> >
>> >     * Block messages with the signature of this virus at your mail transfer
>> >       agents.
>> >
>> >       With Sendmail
>> >
>> >       Nick Christenson of sendmail.com provided information about
>> >       configuring sendmail to filter out messages that may contain the
>> >       Melissa virus. This information is available from the following URL:
>> >       ftp://ftp.cert.org/pub/cert_advisories/Patches/CA-99-04-sendmail-melissa-filter.txt
>> ></quote>
>> >
>> >Since sendmail is the default MTA in FreeBSD, this might be more universal
>> >to the general public (compared to procmail's rules/patches).
>> >
>> >IgoR
>> >
>> >
>> >PS. I agree that this list should contain only FreeBSD-related
>> >(or potentially related) issues.
>> >Other issues are important, but there are other lists for them -
>> >e.g. BUGTRAQ ..
>> >
>> >> OK, here's something FreeBSD-specific we ought to do. Let's make
>> >> up a FreeBSD package that installs John Hardin's e-mail sanitizing
>> >> filters with some sane default settings that kill the Melissa virus.
>> >>
>> >> John's filters can be found at
>> >>
>> >> ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-kit.html
>> >>
>> >> All we need to do is tweak the paths for FreeBSD, bring in
>> >> procmail as a dependency, and tell the user how to configure
>> >> Sendmail to use procmail as the local delivery agent.
>> >>
>> >> This would be something that could be touted as an advantage of
>> >> using FreeBSD as a mail server.
>> >>
>> >> Of course, I'll probably be told that this is a bad idea because
>> >> Jordan didn't think of it.
>> >>
>> >> --Brett Glass
>> >>
>> >>
>> >> At 01:47 PM 3/29/99 -0800, patl@phoenix.volant.org wrote:
>> >> >> And mind you, the two of you may sit in your own private heavens,
>> >> >> but many of the rest of us work in the real world.  This particular
>> >> >> outbreak seems to warrant the original email.
>> >> >
>> >> >If by 'the real world' you mean an environment where you need to
>> >> >worry about virii that infect Windows, M$ Word documents, Excel
>> >> >spreadsheets, etc.; then you should be subscribed to one or more
>> >> >lists dedicated to those topics.  Let's keep this list FreeBSD
>> >> >specific, please.
>> >> >
>> >> >
>> >> >
>> >> >-Pat
>> >> >
>> >> >
>> >> >To Unsubscribe: send mail to majordomo@FreeBSD.org
>> >> >with "unsubscribe freebsd-security" in the body of the message
>> >>
>> >>
>
>--
>Laurence Berland, Stuyvesant HS Debate
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
>Windows 98: n.
>        useless extension to a minor patch release for
>        32-bit extensions and a graphical shell for a
>        16-bit patch to an 8-bit operating system
>        originally coded for a 4-bit microprocessor,
>        written by a 2-bit company that can't stand for
>        1 bit of competition.
>http://stuy.debate.net
>icq #7434346                    aol imer E1101


