| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040322221531.0278.THMAILLISTS@yahoo.com> From: thmaillists at yahoo.com (Troy) Subject: viruses being sent to this list On Tue, 23 Mar 2004 04:46:02 +0200, Gadi Evron <ge@...tistical.reprehensible.net> wrote: > In that case, I wonder why spam doesn't get to the list? Most spammers aren't going to go through the hassle of subscribing to the list to send messages when they can send email directly to people with little effort. > Is some filtering in place? No. The fact that you must be subscribed to post without a moderator approving your messages prevents the spam. Spammers are, for the most part, lazy and cheap. Bypassing the moderation requirement involves work. > Spam is sent from spoofed addresses as well, and moderating unsubscribed > addresses can't account for everything? Spam is not sent randomly from machines infected by a worm. At least, not yet. Yes, a spammer can pull messages from this list and use them to spoof return addresses to get spam through, but the audience isn't large enough to warrant the work. This list, in particular, is even a less desirable target for spammers because the risk of being successfully traced is much higher. > As I mentioned in my original post (and I add to now), I do not > criticize the list not being moderated, full disclosure, free speech, > flame wars, kiddie battles, hate-Microsoft emails, or anything else. > > I criticize viruses which under false pretense try to get me infected > are getting to me through this forum. Getting to thousands through this > forum. This is not under Acceptable Content in the current list charter. It's not acceptable, but there's nothing that can be realistically done to prevent it. To ask the moderators to do something about it is asking far too much. Keep in mind that this is a free list. As Stu pointed out, an automated anti-virus filter will cost too much. Not only that, but the very nature of this list will keep an automated system from working properly. How does an automated system know the difference between an actual virus and some sample code that is sent to the list? It doesn't, which means sample code will be filtered out, which will make this list just another security forum. Another option would be to make the list moderated, which means the moderators will have to spend several hours a day approving messages. This might be a viable option, except for the fact that they are volunteers and are not getting paid to moderate this list. Not only that, but in this litigious society, you have to be very careful about what you do. Once you start filtering messages, you have to be prepared to defend yourself when something bad happens to slip through your defenses. If you didn't do everything you could to prevent a virus from getting through, you're opening yourself up for a lawsuit. Besides, where would they draw the line? The very nature of this list centers around security holes and exploits. Often, the difference between actual malware and a proof of concept executable is very minute, and you can't expect the moderators to have to make judgement calls like that. The only remotely viable option would be to block all attachments, but that will, once again, take away what makes this list unique. -- Troy
Powered by blists - more mailing lists