on Wed, Nov 21, 2001 at 10:45:40PM -0500, Michael P. Soulier (michael.soulier@home.com) wrote:
> On Wed, Nov 21, 2001 at 05:55:21PM -0800, Karsten M. Self wrote:
> >
> > I'd suggest a massive response (that is, many people, not one person
> > replying many times) to the postmaster address, or other WHOIS contacts
> > listed if postmaster is invalid (an RFC 822 violation, FWIW).
> >
> > This practice is to be strongly discouraged. As with a nuclear chain
> > reaction, it can rapidly get out of hand.
>
> Post the email address to complain to and I'll be glad to.

The following are the results of analysis on headers in AV notices posted
here:

1: "Antigen found Aliz.4096 Worm..."

   Note that the 'From' header was likely malformed, mine has
   substituted my ISP's POPD server for the host/domain portion of the
   address.

     From: Antigen@popd.ix.netcom.com
     To: debian-user@lists.debian.org
     Subject: Antigen found Aliz.4096.Worm (Norman,Sophos) virus

   'Received' indicates 206.98.143.251 as the originating IP. This
   doesn't resolve, but WHOIS indicates a Cable & Wireless customer,
   COX Enterprises (NETBLK-CW-206-98-142). Administrative contact:

     Christian Rohde <christian.rohde@cox.com>

2: "Antigen found W32/Aliz@MM (McAfee4) virus"

   At least the header looks properly formed.

     From: ANTIGEN_SSEXCH-00-IMC1 <ANTIGEN_SSEXCH-00-IMC1@seg-social.pt>
     To: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
     Subject: Antigen found W32/Aliz@MM (McAfee4) virus
     Date: Wed, 21 Nov 2001 18:06:24 -0000

   'Received' indicates 193.126.192.195 as originating IP, WHOIS points
   to Instituto de Informatica e Estatistica da Solidariedade
   (Portugal).

   Contacts given are:

     Jorge.Frazao@KPNQwest.pt
     Joao.Alves@seg-social.pt
     Jorge.Frazao@KPNQwest.pt
     eunet-pt-mnt@KPNQwest.pt
     dnsmaster@EUnet.pt
     frazao@EUnet.pt

3: "Virus incident"

     From: YODA Panda Antivirus for Exchange Server
       <YODA_PAvExchSrv@satisfactory.se>
     To: "'debian-user@lists.debian.org'"
       <debian-user@lists.debian.org>
     Subject: Virus incident
     Date: Wed, 21 Nov 2001 19:02:12 +0100

   'Received' indicates 212.105.56.131 as originating IP. WHOIS points
   to Netblock of Satisfactory International AB

   Contacts:

     lir@utfors.se
     martin.andersson@utfors.se
     hakan@utfors.net
     noc@utfors.se
     abuse@utfors.se
     erik.lindstrom@satisfactory.se
     mattias.bylund@utfors.se

There's a note to the list indicating a columbia.edu origin, but I
don't find any messages in my archive.

Posting appropriate comments to the vendors producing the broken
software in the first place would also be helpful.

Antigen is produced by Sybari Software:

    http://www.sybari.com/
    President is Robert Wallace: robert.wallace@sybari.com

Yoda appears to be made by Panda Software:

    http://www.pandasoftware.com/
    info@pandasoftware.com

Peace.

--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? Home of the brave
http://gestalt-system.sourceforge.net/ Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html