[lug] OT: what's the latest virus circulating?
hugh at math.byu.edu
hugh at math.byu.edu
Wed Nov 19 04:37:32 MST 2003
> I'm curious if anyone knows what the latest "gift that keeps
> giving" from Uncle Bill is. At the current rate I'll soon be
> rejecting ~100 messages with executable attachments (usually .exe)
> every day -- and that's *after* the messages pass the gauntlet of
> technical and RBL checks. I'm also seeing a slew of empty ("this
> message contained a virus and we've stripped it, but sent you this
> notice anyway just to annoy you") messages.
>
> At least one ISP got it right - it said that the receiver should
> simply reply to the message if they weren't expecting an
> executable attachment - the response would go to the abuse team
> and they would (in theory) help the user clear their infection.
>
> Meanwhile, to bring this remotely back on topic I have to
> recommend again configuring "header checks" in Postfix so it
> rejects any message containing a MIME-encoded executable
> attachment. It's not perfect, but as I said it's knocking out a
> lot of viral messages.
>
If you use spamassassin, you can set a rule that elevates the point count
(which increases the messages probability of being marked as spam) for any
messages with executable content.
Hugh
More information about the LUG
mailing list