OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: reg. the virus which is spreading fast
From: Florian Lohoff (florfc822.org)
Date: Fri May 05 2000 - 10:09:40 CDT

On Fri, May 05, 2000 at 05:29:26PM +1000, Matthew Hawkins wrote:
> On 2000-05-04 15:17:52 +0200, Claus Guttesen wrote:
> > Dear all.
> >
> > Regarding the header-check on the subject-field, the only action one can
> > take is to reject the mail.
>
> Sounds good. :-)
>
> > Can you route the mail to /dev/null based on the subject-field?
>
> Since the virus could be sent with _any_ Subject field, I suggest you do
> one of three things:
>
> 1) Route all mail with a subject field to /dev/null, since it could
> possibly contain this (or any other) virus.
>
> 2) Since 1 wastes bandwidth, just turn off all SMTP servers, which would
> be the net-friendly way of achieving 1)
>
> 3) Get the lamers running winblows to install a virus killer. My fav.
> happens to be F-Prot (commercially known as F-Secure) which can
> identify and kill more viruses than an immubiologist. Well, close
> enough for my sanity. Yes, it does kill the ILOVEYOU one.
>
> I don't want to even think about the performance hit or the time taken
> in maintenance of a script to check emails for viruses before it is
> collected by the delivery agent spawner process. I get a measly 800
> emails daily, none of which can possibly contain a virus which will ever
> affect me. Same for many co-workers. I don't think our mail server
> (486/66 w/ 16Mb of ram) should have to fork perl 800 times and parse my
> private mail for no purpose whatsoever; with a script that has to be
> changed not only each time a new virus/exploit comes out, but each time
> a released virus mutates.
>
> I want my mail today, not next week.
>
> Dig a hole with a shovel, not a chainsaw.
> Kill a virus with a virus killer, not a mail transport agent.

You seem to ignore the reality - Most of the Windows mail users
sitting in big companies dont even know of the existance of a virus
killer nor the problem of active content.

I tend to just delete/replace active content on all incoming/outgoing
mail as Microsoft doesnt seem to be able to secure their products.

I am happy with ILOVEYOU things - I also dont seem to communicate with
Windows Users a lot as i didnt get a single copy of that nive Worm although
a couple of thousand people near me havent been able to mail yesterday.

Flo 

-- 
Florian Lohoff		florfc822.org		      	+49-subject-2-change
"Technology is a constant battle between manufacturers producing bigger and
more idiot-proof systems and nature producing bigger and better idiots."