lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4062EEE0.528BF7A7@swift.com> From: jimmy.kuijpers at swift.com (KUIJPERS Jimmy) Subject: meay-meay! (virus sent via full-discosure list) How many times has this been discussed on the list? Such alteration of messages send is in itself a form of moderation. even if you don't remove the virus itself. Something the list charter clearly states it will not do. Besides, why would the FD owners want to spend money (cpu power required for additional proccesing) on anti-virus while anti-virus is the clients responsibility. Especially on a security mailing list as this. If you want to treat virusses difrently by adding a flag then you could have your own virusscanner do it. (and then you have to pay for the additional proccesing ;-) ) My 2ct Bill Royds wrote: > This virus sent to the list shows the problem of complete lack of > moderation. What would be best is a filter that does a virus scan and WARNS > about possible virus, but does not block anything. You would still be > responsible for personal digital hygiene, but would have a flag to filter > on. > > Here are the headers of this message with McAfee message and a whois on the > originating MTA IP. > > Return-Path: <full-disclosure-admin@...ts.netsys.com> > Received: from netsys.com (NETSYS.COM [199.201.233.10]) > by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D > for <full-disclosure@...ds.net>; Wed, 24 Mar 2004 17:17:19 -0500 > (EST) > Received: from NETSYS.COM (localhost [127.0.0.1]) > by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id > i2OM4lJ28528; > Wed, 24 Mar 2004 17:04:47 -0500 (EST) > Received: from kermit ([62.38.237.28]) > by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727 > for <full-disclosure@...ts.netsys.com>; Wed, 24 Mar 2004 16:27:34 > -0500 (EST) > To: full-disclosure@...ts.netsys.com > From: macubergeek@...cast.net > Message-ID: <qcwokkovsbsisnacbtp@...cast.net> > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="--------sbeuunoxpacatulivtum" > Subject: [Full-Disclosure] meay-meay! > Sender: full-disclosure-admin@...ts.netsys.com > Errors-To: full-disclosure-admin@...ts.netsys.com > X-BeenThere: full-disclosure@...ts.netsys.com > X-Mailman-Version: 2.0.12 > Precedence: bulk > List-Unsubscribe: > <http://lists.netsys.com/mailman/listinfo/full-disclosure>, > > <mailto:full-disclosure-request@...ts.netsys.com?subject=unsubscribe> > List-Id: Discussion of security issues <full-disclosure.lists.netsys.com> > List-Post: <mailto:full-disclosure@...ts.netsys.com> > List-Help: <mailto:full-disclosure-request@...ts.netsys.com?subject=help> > List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>, > <mailto:full-disclosure-request@...ts.netsys.com?subject=subscribe> > List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/> > Date: Wed, 24 Mar 2004 23:27:25 +0200 > > ****************** McAfee VirusScan ************************ > ******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 ********* > ********************************************************************* > > McAfee VirusScan has detected a potential threat in this e-mail > sent by macubergeek@...cast.net. > The following actions were attempted on each suspicious part. > We strongly recommend that you report this virus-related activity > to macubergeek@...cast.net. > > The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip > Virus(es). > This attachment has been cleaned. > > ===================whois for sending MUA ========== > > 03/25/04 08:29:36 whois 62.38.237.28@...is.ripe.net > > whois -h whois.ripe.net 62.38.237.28 ... > % This is the RIPE Whois server. > % The objects are in RPSL format. > % > % Rights restricted by copyright. > % See http://www.ripe.net/ripencc/pub-services/db/copyright.html > > inetnum: 62.38.0.0 - 62.38.255.255 > netname: GR-HOL-20010530 > descr: Hellas On Line S.A. > descr: PROVIDER > country: GR > admin-c: HA194-RIPE > tech-c: CO95-RIPE > status: ALLOCATED PA > mnt-by: RIPE-NCC-HM-MNT > mnt-lower: AS3329-MNT > changed: hostmaster@...e.net 20010530 > changed: hostmaster@...e.net 20031210 # gr.hol.aval via > https://lirportal.ripe.net > source: RIPE > > route: 62.38.0.0/16 > descr: HOL > origin: AS3329 > mnt-lower: AS3329-MNT > mnt-routes: AS3329-MNT > mnt-by: AS3329-MNT > changed: tkor@....gr 20010530 > source: RIPE > > role: HOL Administration > address: Hellas On Line S.A. > address: Harilaou Trikoupi 151 > address: N. Kiffisia, Greece 14564 > e-mail: admin@....gr > trouble: Questions....... mail to: noc@....gr > trouble: Spam Reports.... mail to: postmaster@....gr > trouble: Abuse Reports... mail to: abuse@....gr > admin-c: KK5841-RIPE > tech-c: AV845-RIPE > tech-c: TK583-RIPE > tech-c: CO95-RIPE > nic-hdl: HA194-RIPE > mnt-by: AS3329-MNT > changed: vicky@....gr 19970821 > changed: vicky@....gr 19970826 > changed: noc@....gr 19981217 > changed: aval@....gr 20000110 > changed: aval@....gr 20010314 > changed: aval@....gr 20020121 > changed: aval@....gr 20030624 > source: RIPE > > role: HOL Network Operations Center > address: Hellas On Line S.A. > address: Harilaou Trikoupi 151 > address: N. Kiffisia, Greece 14564 > e-mail: noc@....gr > trouble: Questions....... mail to: noc@....gr > trouble: Spam Reports.... mail to: postmaster@....gr > trouble: Abuse Reports... mail to: abuse@....gr > admin-c: KK5841-RIPE > tech-c: AV845-RIPE > tech-c: TK583-RIPE > nic-hdl: CO95-RIPE > mnt-by: AS3329-MNT > changed: vicky@....gr 19970821 > changed: noc@....gr 19981217 > changed: aval@....gr 20000110 > changed: aval@....gr 20010314 > changed: aval@....gr 20010320 > changed: aval@....gr 20010607 > changed: aval@....gr 20020121 > changed: tkor@....net 20030909 > source: RIPE > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > macubergeek@...cast.net > Sent: March 24, 2004 4:27 PM > To: full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] meay-meay! > > The access is open !!! > > password for archive: 01825 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040325/314f00a0/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 1477 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040325/314f00a0/smime.bin
Powered by blists - more mailing lists