[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Matthew.van.Eerde at hbinc.com
Wed Jun 29 19:22:30 EDT 2005
Chris Gauch wrote:
> Just look at what SOBER did for almost 2 weeks (about 1 month ago).
> If everyone had been silently discarding messages infected by SOBER
> at their gateways, the virus would've had a much smaller impact on
> home users and small to medium businesses. There were times where we
> were discarding over 200,000 virus-infected messages per day;
> virtually ALL of those discards were from BOUNCES that had
> encapsulated the virus in the bounce message.
Sober uses its own SMTP engine:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.k@mm.html
So if you reject, the virus will presumably not bother to send a bounce message.
I suppose if Sober forges a sender of
annie at annie.example.com
and sends to
bob at bob.example.org
which .forwards to
charlie at charlie.example.net
and bob.example.org accepts the mail
and charlie.example.net rejects it
then bob.example.org encapsulates the virus in an NDR to annie at annie.example.com
then annie at annie.example.com opens it and gets infected
then Annie might get upset.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
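
The forwarding scenario in the message above, as an added example that is not part of the original post: a small model of which party ends up generating an NDR to the forged sender. The `Hop` class, the `trace` function and the policy names are hypothetical, and the model assumes (as the post presumes) that the virus's own SMTP engine never bounces.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Hop:
    host: str
    policy: str                       # "reject" (5xx in SMTP), "discard", or "accept"
    forwards_to: Optional["Hop"] = None   # .forward target, if any

def trace(first_hop, envelope_from, client="virus-smtp-engine"):
    """Follow one infected message; return (events, NDR recipient or None)."""
    events = []
    sender, sender_is_mta = client, False   # assumption: the virus engine is not an MTA
    hop = first_hop
    while hop is not None:
        if hop.policy == "reject":
            events.append(f"{hop.host} rejects during SMTP; {sender} keeps the message")
            if sender_is_mta:
                # A real MTA that already accepted the mail must report the failure,
                # and it reports to the (forged) envelope sender.
                events.append(f"{sender} sends NDR with the virus to {envelope_from}")
                return events, envelope_from
            events.append(f"{sender} gives up, no NDR")
            return events, None
        if hop.policy == "discard":
            events.append(f"{hop.host} accepts and silently discards")
            return events, None
        events.append(f"{hop.host} accepts from {sender}")
        sender, sender_is_mta = hop.host, True
        hop = hop.forwards_to
    events.append(f"{sender} delivers to the local mailbox")
    return events, None

if __name__ == "__main__":
    forged = "annie@annie.example.com"      # constructed sample address
    for final_policy in ("reject", "discard"):
        charlie = Hop("charlie.example.net", final_policy)
        bob = Hop("bob.example.org", "accept", forwards_to=charlie)
        for name, entry in (("direct", charlie), ("via bob", bob)):
            events, ndr = trace(entry, forged)
            print(f"[{final_policy}, {name}] NDR to: {ndr}")
            for e in events:
                print("   ", e)
```

Only the combination of an accepting forwarder and a rejecting final hop produces backscatter to the forged sender; a reject on a direct connection from the virus does not.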