OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: reg. the virus which is spreading fast
From: Matthew Hawkins (matthewtopic.com.au)
Date: Fri May 05 2000 - 02:29:26 CDT

On 2000-05-04 15:17:52 +0200, Claus Guttesen wrote:
> Dear all.
>
> Regarding the header-check on the subject-field, the only action one can
> take is to reject the mail.

Sounds good. :-)

> Can you route the mail to /dev/null based on the subject-field?

Since the virus could be sent with _any_ Subject field, I suggest you do
one of three things:

1) Route all mail with a subject field to /dev/null, since it could
   possibly contain this (or any other) virus.

2) Since 1 wastes bandwidth, just turn off all SMTP servers, which would
   be the net-friendly way of achieving 1)

3) Get the lamers running winblows to install a virus killer. My fav.
   happens to be F-Prot (commercially known as F-Secure) which can
   identify and kill more viruses than an immubiologist. Well, close
   enough for my sanity. Yes, it does kill the ILOVEYOU one.

I don't want to even think about the performance hit or the time taken
in maintenance of a script to check emails for viruses before it is
collected by the delivery agent spawner process. I get a measly 800
emails daily, none of which can possibly contain a virus which will ever
affect me. Same for many co-workers. I don't think our mail server
(486/66 w/ 16Mb of ram) should have to fork perl 800 times and parse my
private mail for no purpose whatsoever; with a script that has to be
changed not only each time a new virus/exploit comes out, but each time
a released virus mutates.

I want my mail today, not next week.

Dig a hole with a shovel, not a chainsaw.
Kill a virus with a virus killer, not a mail transport agent. 

-- 
Matt