
Re: High spam and viruses caused by the Mailing list.



On Wed, 4 Feb 2004, Louis-David Perron wrote:

> I don't know if the list masters can do anything about it, but I
> created this e-mail address especially to post on this list about an
> apache problem less than 48 hours ago. Since I posted the message, it
> took less than 12 hours before I started to receive the "Last
> Microsoft Upgrade" & "New Net Patch" virus... an e-mail body with a
> nice "Microsoft web site" look. The virus is named W32.Swen.A@mm.

Yes, same here for a few months now. 150Kb each. About 100 messages a day.

> So what I'm asking is: - Are there any members of this mailing list
> infected by this virus?
>
> - Is there anybody spying on the list to send viruses?

Probably not. It could just be that people having the virus have
access to the messages of this list via newsgroups.

> - Is there anything we can do about it?

* Filter it. If it helps, I use something like this:

:0
* > 120000
* < 170000
* B ?? base64
* B ?? ^TVqQAA
* B ?? ^ZGUuDQ0KJAAAAAAAAAB\+i6hSOurGATrqxgE66sYBQfbKATvqxgG59sgBLerGAdL1zAEA6s
swen.a

* Analyze the Received: headers and complain to the ISP of the person
sending you the virus. Do many of them come from IPs in the form
62.253.162.x and 62.253.164.x, as in my case?

* It is even possible that the swen.a virus forges the sender but *not*
the envelope sender. If this were true (which I'm not sure of) then you
could know the email address of the person sending you the virus by
looking at the Return-Path.

* Perhaps we should seriously consider asking the relevant parties to
stop the list2news gateway *until* we have a way to obfuscate the
addresses in the news.
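
The checks suggested in the message above, as an added Python example that is not part of the original post: it tests the same size window and base64-encoded `MZ` executable header that the recipe matches (`TVqQAA`), compares Return-Path with From, and lists the bracketed IPs in the Received: headers. The function names, the sample message, its example.* addresses and the 192.0.2.17 IP are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes
from email.utils import parseaddr

SIZE_MIN, SIZE_MAX = 120000, 170000  # size window used by the recipe above
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPs in Received:

def triage(raw: bytes) -> dict:
    """Report the traits the recipe filters on, plus the sender evidence."""
    msg = message_from_bytes(raw)
    pe_parts = []
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.is_multipart() or cte != "base64":
            continue
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":  # DOS/PE magic; its base64 form starts "TVqQAA"
            pe_parts.append(part.get_filename() or "(unnamed)")
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "size_in_window": SIZE_MIN < len(raw) < SIZE_MAX,
        "pe_attachments": pe_parts,
        "return_path": return_path,
        "from": from_addr,
        # A differing envelope sender is a lead to check, not proof of origin.
        "sender_mismatch": bool(return_path) and return_path != from_addr,
        "received_ips": [ip for h in msg.get_all("Received", [])
                         for ip in IP_RE.findall(str(h))],
    }

def build_sample() -> bytes:
    """Constructed test message: documentation addresses, zero padding after 'MZ'."""
    body = base64.encodebytes(b"MZ\x90\x00" + b"\x00" * 95000).decode()
    return (
        "Return-Path: <infected-user@example.net>\n"
        "Received: from pc ([192.0.2.17]) by mx.example.org; Wed, 4 Feb 2004 10:00:00 +0000\n"
        'From: "MS Security" <support@example.com>\n'
        "Subject: New Net Patch\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nInstall this patch.\n"
        '--b1\nContent-Type: application/octet-stream; name="patch.exe"\n'
        "Content-Transfer-Encoding: base64\n"
        'Content-Disposition: attachment; filename="patch.exe"\n\n'
        + body + "--b1--\n"
    ).encode()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Unlike the line-anchored body match in the recipe, this decodes each base64 part before looking for the `MZ` magic, so it does not depend on how the encoded lines are wrapped.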


