Open Source and information security mailing list archives
From: evan.borgstrom at ca.mci.com (Evan Borgstrom)
Subject: Swen Really Sucks

http://tmda.sourceforge.net

Blacklist centric message system.

I haven't seen a single swen message yet. It doesn't solve the bandwidth
problem but at least it solves the problem of the messages appearing in
your inbox.

On Wed, 2003-09-24 at 03:29, Peter Busser wrote:
> Hi!
> 
> > Therefore, no IP, e-mail, or domain filter will solve the problem
> > completely without filtering every single possible permutation of From:
> > address that the virus spits out...
> 
> I use several procmail rules to filter out domains (microsoft.com, msdn.com,
> etc.) in From: and From, To: (e.g. microsoft.com) and certain words in the
> subject (e.g. Microsoft). Since the virus depends on looking like an authentic
> message, it can't do too much randomisation of the domains and subject lines.
> Of course the filtering is not perfect, but it still reduces the number of
> virus messages hitting the inbox.
> 
> Removing messages with an executable attachment will also help of course.
> Except with the messages sent to mailing lists that remove attachments
> altogether.
> 
> > and using the "From" address rather than
> > the "From:" address for the filter doesn't work, either, because the "From"
> > address appears to be a different non-randomized e-mail address, possibly the
> > real e-mail address of the infected victim (? haven't read any forensic
> > analysis on this point yet...)
> 
> Does this imply that your e-mail filter does not understand regular
> expressions?
> 
> Groetjes,
> Peter Busser

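The kind of filter described in the quoted text above (a domain match on the From: and To: headers, a subject keyword, an executable attachment), written in Python as an added example; it is not code from either poster, and the rule names, the extension list and the sample message are assumptions constructed for illustration. It checks the envelope "From " line separately from the From: header, since the thread notes that the two can carry different addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains and subject word come from the thread; the extension list is assumed.
SPOOFED = re.compile(r"(^|\.)(microsoft|msdn)\.com$", re.I)
SUBJECT = re.compile(r"\bmicrosoft\b", re.I)
EXEC_EXT = re.compile(r"\.(exe|pif|scr|bat|com)$", re.I)

def _domain(addr):  # domain part of an address, '' if there is none
    return parseaddr(addr)[1].rpartition("@")[2]

def classify(raw):
    """Return the names of the rules a raw mbox-style message trips."""
    first, _, rest = raw.partition("\n")
    fields = first.split()
    if first.startswith("From ") and len(fields) > 1:
        env_sender = fields[1]      # envelope sender ("From " line)
    else:
        env_sender, rest = "", raw  # no envelope line present
    msg = message_from_string(rest)
    hits = []
    if SPOOFED.search(_domain(env_sender)):
        hits.append("envelope-from")
    if SPOOFED.search(_domain(msg.get("From", ""))):
        hits.append("header-from")
    if SPOOFED.search(_domain(msg.get("To", ""))):
        hits.append("header-to")
    if SUBJECT.search(msg.get("Subject", "")):
        hits.append("subject")
    if any(EXEC_EXT.search(p.get_filename() or "") for p in msg.walk()):
        hits.append("exec-attachment")
    return hits

# Constructed sample: forged From: header, unrelated envelope sender.
SAMPLE = """\
From victim@example.net Wed Sep 24 03:00:00 2003
From: "Security Support" <kqxzvbt@bulletin.msdn.com>
To: "Customer" <customer@microsoft.com>
Subject: Microsoft Security Patch
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="patch.exe"

(constructed placeholder body)
--b1--
"""
```

On the constructed sample the header, subject and attachment rules fire while the envelope rule does not, so a filter keyed only on the envelope sender would let the message through.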
