Re: [Exim] FIY: Turn off virus alerts to sender (slightly OT…

Góra strony
Delete this message
Reply to this message
Autor: Jez Hancock
Data:  
Dla: Willie Viljoen
CC: exim-users
Temat: Re: [Exim] FIY: Turn off virus alerts to sender (slightly OT)
On Wed, Feb 11, 2004 at 05:58:33PM +0200, Willie Viljoen wrote:
> This is slightly off topic, as it applies to anybody doing virus checking
> and sending alerts to the sender, not just Exim users. I feel I should post
> it anyway, in the hope that it helps.
>
> Variants of the MyDoom worm that spread via e-mail seem to be following the
> pattern not only to harvest target addresses from mailing lists, infected
> address books, etc, but to also harvest addresses for use in forging a
> sender address. This is probably a way for the virus to get around callbacks
> and other verification procedures, i.e., forging an e-mail from a valid
> address in a valid domain.


A similar topic was discussed on Bugtraq a few weeks ago:

http://marc.theaimsgroup.com/?l=bugtraq&m=107577192723048&w=2

where the OT was pointed to various RFCs that already detail suggestions
for AV autoresponders et al.


--
Jez Hancock
- System Administrator / PHP Developer

http://munk.nu/
http://jez.hancock-family.com/  - Another FreeBSD Diary
http://ipfwstats.sf.net/        - ipfw peruser traffic logging