lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20040127210359.GO1456@sentex.net>
From: damian at sentex.net (Damian Gerow)
Subject: antivirus s/w

Thus spake Bryan K. Watson (bwatson@...tracers.com) [27/01/04 15:57]:
> >Especially with virii spoofing the "From" field now. It just ends up with
> >somebody at random getting the response, which is likely to cause more
> >confusion.
> 
> The problem is not just antivirus software...the SMTP RFC states that mail
> servers must be polite as well....so all the sysadmins have to deal with
> purging all those double bounces from faked headers and invalid
> destinations. 

~postmaster/.procmailrc:

    :0:
    * ^Subject: (Postmaster (notify|warning)|Could not send message for|Returned mail)
    double-bounce              

(Note that this will need to change if you send mail from postmaster@.)

Not terribly difficult.  IMHO, dealing with false virus notifications -- and
servers that 'politely' strip the worm code before it gets to you -- is a
bigger pain.  I actually get more 'disinfected' viruses than viruses
themselves.  Until we see a virus that attaches itself to valid messages
(which I bet will be Real Soon Now), there's no need to just disinfect an
e-mail.

Powered by blists - more mailing lists