[Mimedefang] Accuracy of infected IP in mdlog
Ben Kamen
bkamen at benjammin.net
Mon May 17 10:55:42 EDT 2004
Joseph Brennan wrote:
>
>
> --On Monday, May 17, 2004 10:14 AM -0400 "David F. Skoll"
> <dfs at roaringpenguin.com> wrote:
>
>> Actually, there's a very large ISP in Canada (Sympatico) that shuts down
>> customers if it detects that they are sending out viruses. You don't get
>> your connectivity back until you have proven your machine is clean.
>
>
>
> A large university in New York does the same thing!
>
Univ of Illinois in Champaign does as well...
Unfortunately, they were using some alert service and a replay *I* made to the
ISC DHCP list got forwarded back down to someone else on the list in security at
the university and they mistook the debug data in the original DHCP poster's
message (that I was replying to) and somehow thought it was a virus payload and
blocked me at the firewall. This made me very mad as the contect of the whole
message explaining why I was blocked had the original message including all the
header to prove it was from me, but also proved that it was just an email that
the investigator should have seen and thus ignored in the first place.
(shaking head)
just NOW they're starting to look into ways of blocking spam as it's gotten
pretty bad. Our department already has spam-assassin in place on our email
server (which I don't use anyway since I have my own). So the university is like
a year behind everyone else... Bleah...
Surprising? Kinda. We got the NCSA here but no spam-control in place.
Go figure.
-Ben
More information about the MIMEDefang
mailing list