on Wed, Nov 21, 2001 at 10:45:40PM -0500, Michael P. Soulier (michael.soulier@home.com) wrote:
> On Wed, Nov 21, 2001 at 05:55:21PM -0800, Karsten M. Self wrote:
> >
> > I'd suggest a massive response (that is, many people, not one person
> > replying many times) to the postmaster address, or other WHOIS contacts
> > listed if postmaster is invalid (an RFC 822 violation, FWIW).
> >
> > This practice is to be strongly discouraged. As with a nuclear chain
> > reaction, it can rapidly get out of hand.
>
> Post the email address to complain to and I'll be glad to.

The following are the results of analysis on headers in AV notices posted here:

1: "Antigen found Aliz.4096 Worm..."

Note that the 'From' header was likely malformed; mine has substituted my ISP's POPD server for the host/domain portion of the address.

    From: Antigen@popd.ix.netcom.com
    To: debian-user@lists.debian.org
    Subject: Antigen found Aliz.4096.Worm (Norman,Sophos) virus

'Received' indicates 206.98.143.251 as the originating IP. This doesn't resolve, but WHOIS indicates a Cable & Wireless customer, COX Enterprises (NETBLK-CW-206-98-142).

Administrative contact:

    Christian Rohde <christian.rohde@cox.com>

2: "Antigen found W32/Aliz@MM (McAfee4) virus"

At least the header looks properly formed.

    From: ANTIGEN_SSEXCH-00-IMC1 <ANTIGEN_SSEXCH-00-IMC1@seg-social.pt>
    To: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
    Subject: Antigen found W32/Aliz@MM (McAfee4) virus
    Date: Wed, 21 Nov 2001 18:06:24 -0000

'Received' indicates 193.126.192.195 as originating IP, WHOIS points to Instituto de Informatica e Estatistica da Solidariedade (Portugal).

Contacts given are:

    Jorge.Frazao@KPNQwest.pt
    Joao.Alves@seg-social.pt
    Jorge.Frazao@KPNQwest.pt
    eunet-pt-mnt@KPNQwest.pt
    dnsmaster@EUnet.pt
    frazao@EUnet.pt

3: "Virus incident"

    From: YODA Panda Antivirus for Exchange Server <YODA_PAvExchSrv@satisfactory.se>
    To: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
    Subject: Virus incident
    Date: Wed, 21 Nov 2001 19:02:12 +0100

'Received' indicates 212.105.56.131 as originating IP. WHOIS points to Netblock of Satisfactory International AB.

Contacts:

    lir@utfors.se
    martin.andersson@utfors.se
    hakan@utfors.net
    noc@utfors.se
    abuse@utfors.se
    erik.lindstrom@satisfactory.se
    mattias.bylund@utfors.se

There's a note to the list indicating a columbia.edu origin, but I don't find any messages in my archive.

Posting appropriate comments to the vendors producing the broken software in the first place would also be helpful.

Antigen is produced by Sybari Software: http://www.sybari.com/
President is Robert Wallace: robert.wallace@sybari.com

Yoda appears to be made by Panda Software: http://www.pandasoftware.com/
info@pandasoftware.com

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html