Viruses

John Hardin johnh at aproposretail.com
Tue Mar 26 04:56:27 EST 2002 

On Mon, 2002-03-25 at 09:41, Jim Knoble wrote:
> Circa 2002-Mar-25 09:08:17 -0800 dixit John Hardin:
> 
> : Can somebody install an attachment filter on the listserv?
> 
> Why?  I'd think that filtering out the yutzes who send viruses to the
> list would work better. Survival of the fittest, where "fit" implies
> "not using virus propagation platforms like MS Outlook".

(evil grin) Put a filter on the listserv that rejects messages with
Mailer: headers that contain the strings "Microsoft" or "Outlook"...

> Filtering out attachments also filters out:
> 
>   - Attached patches
>   - Attached config.log files
>   - Attached detached OpenPGP signatures
> 
> All of which are rather useful here.

...not if your attachment filter is configurable. We don't need .EXE,
.PIF, .SCR etc. ad nauseum. I didn't have total attachment blocking in
mind.

> You'd be better off finding a mail user agent that doesn't execute the
> content it receives (and joining the ranks of the "fit").

Who says I use a vulnerable MUA? And my server catches these attachments
quite handily. I'm just annoyed by the flood of notices sent to the list
by others' mail servers. I also lament the bandwidth wasted by the
listserv forwarding X hundreds of copies of a worm or virus. It'd be
nice to see the filtering moved one step closer to the source and avoid
those problems.

Just for consideration, I'll insert a plug for the package I wrote:

  http://www.impsec.org/email-tool/procmail-security.html

-- 
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 "Rather than form a federation with Microsoft and work with what we
  had already created, there was this notion that the world should be
  offered an alternative."
                     - Craig Mundie, Microsoft CTO,
                       puzzled by non-MS-owned .NET user data services
-----------------------------------------------------------------------
 51 days until Star Wars episode II: Attack of the Clones

More information about the openssh-unix-dev mailing list