lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <DF79BE12AF8DD344B107D0D03621E5750ED9C9@kermit.corp.hansenet.com>
From: vogt at hansenet.com (vogt@...senet.com)
Subject: AW: Filtering sobig with postfix 

> > /see attached file for details/	REJECT
> > 
> > ever since, I've not had a single one coming through.
> 
> The reason this one works for the worm writers is because 
> it's standard English
> usage - as a result, it's *very* prone to false positives.  
> And you give no indication
> of *why* the file was rejected, so the sender has no idea 
> that if he re-sends but
> says "Hey check out the file for the long version" instead it 
> will get through.

It ain't perfect, but it works. I'll probably remove it once
this storm has blown over. I wanted to share it because it is
easy to implement and works like charm.

The improved version:

/see attached file for details/	554 Refusing to accept your virus e-mail

should solve the problem that the sender has no idea why his
mail was rejected.


Tom Vogt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ