groff
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Groff] Spam from list member addresses

From: Meg McRoberts
Subject: Re: [Groff] Spam from list member addresses
Date: Thu, 31 Mar 2005 14:45:23 -0800 (PST) 
I sent Peter's mail to one of our malware specialists at Trend Micro.
This is his response:

------------------------------------------------------------------
This is where the problem with most mailing lists comes in.
Most mailing lists prevent outsiders from posting messages but insiders can post
any type of content (without it ever being scanned by any av software).

In this case, it looks like some members got infected with one of the 
mass-mailing
Blueworm variants(aka Blackmal). Once infected, the users mailed infected 
messages and
attachments to the mailing  list. Most AV scanners (incl. our free Housecall:
http://housecall.trendmicro.com) should take care of the infections.
 
http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=Asses+Mpeg%27s&alt=Asses+Mpeg%27s
 
 
How to prevent this? The admin needs to find a way to 1. prevent attachments 
altogether
or 2. find a way to scan all incoming messages and attachments with AV software 
before
allowing them to be distributed to the entire list.
 
----------------------------------------------------------------------------------

For the short term, could anyone who is reading the list through
Outlook run housecall (http://housecall.trendmicro.com) or the
equivalent program from your AV provider?  That might stop the
current infestation.

As for the long-term solution, does someone on this list (Werner?)
have authorization to install security software on our mail server
or is that under the control of the larger gnu organization?)

meg

============History only below 
===================================================
--- John Doe <address@hidden> wrote:
> I didn't know this sort of spoofing was still
> possible. I remember I used to impress friends by
> sending them emails as address@hidden as a
> kid :)
> 
> The only thing you could reasonably do is press the
> smtp admins to put up authentication, start logging,
> accept messages from users with a certain email
> address only or messages coming from specific IPs only.
> 
> 
>               
> __________________________________ 
> Yahoo! Messenger 
> Show us what our next emoticon should look like. Join the fun. 
> http://www.advision.webevents.yahoo.com/emoticontest
> 
> 
> _______________________________________________
> Groff mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/groff
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]