NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2000-05

Subject: Re: Changed subject (was Re: reg. virus named ...)
From: Claus Guttesen (clauseu.ww-group.com)
Date: Thu May 04 2000 - 07:51:11 CDT

Next message: Lutz Jaenicke: "Re: Changed subject (was Re: reg. virus named ...)"
Previous message: Lars Hecking: "Changed subject (was Re: reg. virus named ...)"
In reply to: Lars Hecking: "Changed subject (was Re: reg. virus named ...)"
Next in thread: Lars Hecking: "Re: Changed subject (was Re: reg. virus named ...)"
Next in thread: Lutz Jaenicke: "Re: Changed subject (was Re: reg. virus named ...)"
Reply: Claus Guttesen: "Re: Changed subject (was Re: reg. virus named ...)"
Reply: Lars Hecking: "Re: Changed subject (was Re: reg. virus named ...)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 4 May 2000, Lars Hecking wrote:

>
> As this log entry shows,
>
> May 4 13:14:23 bastion.nmrc.ucc.ie postfix/cleanup[1782]: DBB5D4F93: reject: header Subject: reg. virus named ILOVEYOU; from=<owner-postfix-userspostfix.org> to=<lheckingnmrc.ucc.ie>
>
Agree.

> it may not have been the best of ideas to put ILOVEYOU into the subject
> line of this message.
>
> Claus Guttesen writes:
> > Dear all.
> > This had reached postfix-userscloud9.net. Therefore this message may have
> > been received before. Pls. ignore.
> >
> > Having the virus ILOVEYOU apperantly spreading so fast, you may take the
> > time to implement this simple header-check.
>
> Considering how easily email subjects are changed, this creates a FALSE
> SENSE OF SECURITY.

Yes, but the virus is looking at a predefined mailing-list, so the
end-user don't have a chance changing the subject-header. And these users
are spreading the largest percentage of the infected mail.

>
> (Of course I added the header check as soon as I heard about this,
> but I also updated my virus checker. There :)
>

Other people are taking care of the desktop-environment, we await for the
virus-pattern.

> > If not active in /etc/postfix/main.cf uncomment the line and change it to
> > a line similar to:
> >
> > header_checks = regexp:/etc/postfix/header_checks
> >
> > Add the following line in /etc/postfix/header_checks:
> > /^Subject: ILOVEYOU/ REJECT
> >
> > This will reject mails containing this subject.
> >
> > Other ideas appreciated. I'd like to pipe these messages to /dev/null, can
> > one do this?
>
> Install a virus checker.

A virus-checker only works on local mail, not mail being relayed. This
server act as a relay-host.

>
> > As stated earlier, this virus may spread faster than the Melissa-virus.
>
>
>

regards
Claus

Next message: Lutz Jaenicke: "Re: Changed subject (was Re: reg. virus named ...)"
Previous message: Lars Hecking: "Changed subject (was Re: reg. virus named ...)"
In reply to: Lars Hecking: "Changed subject (was Re: reg. virus named ...)"
Next in thread: Lars Hecking: "Re: Changed subject (was Re: reg. virus named ...)"
Next in thread: Lutz Jaenicke: "Re: Changed subject (was Re: reg. virus named ...)"
Reply: Claus Guttesen: "Re: Changed subject (was Re: reg. virus named ...)"
Reply: Lars Hecking: "Re: Changed subject (was Re: reg. virus named ...)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]