[Mimedefang] generating virus email notifications (please don't do it!)

[Tim Kramer]

But you might not be sending them at all!

Klez and Bugbear have the nasty ability of grabbing
addresses off of the local machine and forging the
"From" line.  It could be that someone on this
list is using Outlook and you're address got picked.

I've been pretty "entertained" by Bugbear in the
last few days myself.  One of our customer sysadmins
called, "Helllllp!!".  Seems that every printer in
his building was spitting up pages with a couple
lines of gibberish on it (a symptom of Bugbear).

He'd covered all infections vectors (port 137,
e-mail virus scanners) except one: web mail.
Seems someone downloaded their messages directly
onto their machine and opened them without
thinking.

Heh, wonder if there's a way we could filter
users.

- Tim



On Wed, 2002-10-09 at 09:58, Tony Nugent wrote:
> Fact: bugbear forges sender addresses.
> 
> In the last few days I have been getting a LOT administrative email
> sent to me claiming that "my email to <someone-I-don't-know> was
> blocked because it contained the bugbear virus" (or similar).
> (Perhaps two or three dozen so far).
> 
> No way... I never send the virus, nor any messages to any of the
> supposed recipients.  Not unless there's a new linux variant :-)
> 
> More than half of these message originated from systems running
> sendmail with mimedefang.  (The others were windows servers running
> a symantec product, with a most un-informative techogobble message).
> 
> Can I ask (plead!!) that a general practice be adopted to simply
> DROP virus-infected emails... generating these "notification"
> messages to the supposed sender is acheiving nothing except wasting
> bandwidth and confusing a lot of innocent people.
> 
> Thanks.
> 
> Cheers
> Tony 
> (who is admittedly having a VeryStressfulDay:)
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang