Re: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5 MR1a
On Sat, 28 Jun 2003 22:21, Dan Rasmussen wrote:
> On Sat, Jun 28, 2003 at 12:14:38PM +0000, virusalert@baan.com wrote:
> > An E-mail from <debian-laptop@lists.debian.org> to <RvdOever@baan.nl>
> > with subject Re: Application has been intercepted. The virus
> > W32/Sobig.c@MM in attachment your_details.zip has been detected.
>
> Quick question, why do I always receive emails like this? It seems that
> if the virus has been intercepted, there is no need for me to know about
> it... is this advertising for their antivirus scanner, or something
> designed to make virus authors all proud when they do a search and their
> virus comes up in mailing list archives and they can see how far their
> work spread?

The people running the virus-scanners are idiots.

I've attached a little script I use to deal with such things. If you use it
then please edit it to put your name and email address in the body.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
#!/usr/bin/perl
# Sends a complaint about misdirected virus notifications to the address
# given as the first argument, with a copy to the postmaster of its domain.
use strict;
use Net::SMTP;
use Net::DNS;

die "Usage: $0 address\@domain\n" unless @ARGV == 1 and $ARGV[0] =~ /\@/;

# Split the address into local part and domain, then look up the address
# of the domain's primary mail exchanger.
my @addr = split(/\@/, $ARGV[0]);
my $host = primary($addr[1]);
my $postmaster = "postmaster@" . $addr[1];
print "host:$host\n";

my $smtp;
($smtp = Net::SMTP->new($host))
  or die "Can't connect to mail server.\n";

# Envelope: the same address is used as sender and recipient.
$smtp->mail($ARGV[0])
  or die "Server doesn't like from address $ARGV[0].\n";
($smtp->to($ARGV[0]))
  or die "Server doesn't like to address $ARGV[0].\n";
($smtp->cc($postmaster))
  or die "Server doesn't like cc address $postmaster.\n";

# Message headers, a blank line, then the body.
($smtp->data()) or die "error in start data.\n";
$smtp->datasend("From: " . $ARGV[0] . "\n");
$smtp->datasend("To: " . $ARGV[0] . "\n");
$smtp->datasend("Cc: " . $postmaster . "\n");
$smtp->datasend("Subject: Your mail server is broken\n");
$smtp->datasend("\n");
$smtp->datasend(
   "A correctly configured mail server will not send out virus reports to the\n"
  ."address listed in the From: field as the viruses send out email with fake\n"
  ."From: addresses.  This means that a broken mail server such as yours\n"
  ."which sends such messages just annoys innocent people while not helping\n"
  ."anyone.\n\n");
$smtp->datasend("I sent this message with your address in the From field because I have received\n");
$smtp->datasend("more than enough anti-virus messages from you already.\n");
$smtp->datasend("\n");
# Edit the next two lines to carry your own name and email address.
$smtp->datasend("USER NAME\n");
$smtp->datasend('USER@DOMAIN.com' . "\n");
($smtp->dataend()) or die "error in end.\n";
($smtp->quit()) or die "error in quit.\n";

# Return the IPv4 address of the lowest-preference MX for the given domain,
# falling back to the domain's own A record when it has no MX records.
sub primary
{
  my $res = Net::DNS::Resolver->new;
  my @mx;
  my $query;
  my $rr;
  if(not @mx = mx($res, @_))
  {
    print "no mx records\n";
    $query = $res->send(@_) or die "no A records";
  }
  else
  {
    # The lowest preference value marks the primary exchanger.
    my $primary = $mx[0];
    foreach $rr (@mx)
    {
      if($rr->preference < $primary->preference)
      {
        $primary = $rr;
      }
    }
    $query = $res->search($primary->exchange) or die "Can't lookup A record.\n";
  }
  foreach $rr ($query->answer)
  {
    next unless $rr->type eq "A";
    return $rr->address;
  }
  # No A record in the answer: stop instead of returning an empty host.
  die "No A record found.\n";
}
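
Added example, not part of the original message or its attachment: a recipient-side filter that recognises scanner notices worded like the Webshield one quoted above and marks them as backscatter when the reported malware is a mass-mailer, since its From: address is forged. The function names and the sample headers are assumptions; the regular expression follows only the wording of the quoted notice, and the "@MM" test relies on the scanner vendor's suffix for mass-mailing worms.

```python
import re
from email import message_from_string

# Wording taken from the Webshield notice quoted in the thread; other
# scanners phrase their notices differently, so this pattern is an assumption.
NOTICE_RE = re.compile(
    r"An E-mail from <(?P<claimed_sender>[^>]+)> to <(?P<recipient>[^>]+)>"
    r".*?The virus\s+(?P<virus>\S+)\s+in attachment\s+(?P<attachment>\S+)"
    r"\s+has been detected", re.S | re.I)

# Constructed sample: the headers are assumed, the body is the quoted notice.
SAMPLE_NOTICE = """\
From: virusalert@baan.com
To: debian-laptop@lists.debian.org
Subject: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5 MR1a

An E-mail from <debian-laptop@lists.debian.org> to <RvdOever@baan.nl>
with subject Re: Application has been intercepted. The virus
W32/Sobig.c@MM in attachment your_details.zip has been detected.
"""

def parse_av_notice(raw):
    """Return the fields of a scanner notice, or None for ordinary mail."""
    msg = message_from_string(raw)
    # Only single-part plain-text notices, like the quoted one, are examined.
    if msg.is_multipart():
        return None
    m = NOTICE_RE.search(msg.get_payload())
    if not m:
        return None
    info = m.groupdict()
    info["notifier"] = msg.get("From", "")
    # A mass-mailing worm forges From:, so the "claimed sender" that the
    # scanner notified is not the machine that is actually infected.
    info["mass_mailer"] = info["virus"].upper().endswith("@MM")
    return info

def disposition(raw):
    """Classify one incoming message as 'deliver', 'review' or 'backscatter'."""
    info = parse_av_notice(raw)
    if info is None:
        return "deliver"
    # Notices about other malware may concern mail this user really sent.
    return "backscatter" if info["mass_mailer"] else "review"

if __name__ == "__main__":
    print(disposition(SAMPLE_NOTICE), parse_av_notice(SAMPLE_NOTICE))
```
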