[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yet Another Virus was Re: [cobalt-users] Spam

Subject: Yet Another Virus was Re: [cobalt-users] Spam
From: Parker Morse <morse@xxxxxxxxxxx>
Date: Wed Aug 20 07:34:00 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Wednesday, Aug 20, 2003, at 01:21 US/Eastern, René Mølsted wrote:

What we did, was blocking all mails with the stated subjects, so"nobody" accually got the virusthrough our servers.

I've been using the Procmail Sanitizer<http://www.impsec.org/email-tools/procmail-security.html> on our Qube3since Badtrans and Goner. It has been stopping the latest round quiteeffectively without need of an update; it simply stops any message witha "Windows Executable" attachment. (Among other things, it strips anyattachment with a .pif or .scr extension.)

That's pretty crude, but more accurate than simply subject-blocking;someday, by accident, someone will use that subject on an innocentemail and not know why their message didn't get through.

The Sanitizer stopped 160 last night, when it usually finds fewer than10 with fewer than 30 users on the system.

pjm

Follow-Ups:
- Re: Yet Another Virus was Re: [cobalt-users] Spam
  - From: Shannon Johnston

References:
- Re: [cobalt-users] Spam
  - From: René Mølsted

Prev by Date: Re: [cobalt-users] ASP Support
Next by Date: Re: [cobalt-users] F-prot config question - Upgrade F-prot with Mailscanner
Previous by thread: Re: [cobalt-users] Spam
Next by thread: Re: Yet Another Virus was Re: [cobalt-users] Spam

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index