OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Changed subject (was Re: reg. virus named ...)
From: Lars Hecking (lheckingnmrc.ucc.ie)
Date: Thu May 04 2000 - 07:42:56 CDT

 As this log entry shows,

May 4 13:14:23 bastion.nmrc.ucc.ie postfix/cleanup[1782]: DBB5D4F93: reject: header Subject: reg. virus named ILOVEYOU; from=<owner-postfix-userspostfix.org> to=<lheckingnmrc.ucc.ie>

 it may not have been the best of ideas to put ILOVEYOU into the subject
 line of this message.

Claus Guttesen writes:
> Dear all.
> This had reached postfix-userscloud9.net. Therefore this message may have
> been received before. Pls. ignore.
>
> Having the virus ILOVEYOU apperantly spreading so fast, you may take the
> time to implement this simple header-check.
 
 Considering how easily email subjects are changed, this creates a FALSE
 SENSE OF SECURITY.

 (Of course I added the header check as soon as I heard about this,
  but I also updated my virus checker. There :)

> If not active in /etc/postfix/main.cf uncomment the line and change it to
> a line similar to:
>
> header_checks = regexp:/etc/postfix/header_checks
>
> Add the following line in /etc/postfix/header_checks:
> /^Subject: ILOVEYOU/ REJECT
>
> This will reject mails containing this subject.
>
> Other ideas appreciated. I'd like to pipe these messages to /dev/null, can
> one do this?

 Install a virus checker.

> As stated earlier, this virus may spread faster than the Melissa-virus.