lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4062EEE0.528BF7A7@swift.com>
From: jimmy.kuijpers at swift.com (KUIJPERS Jimmy)
Subject: meay-meay! (virus sent via full-discosure list)

How many times has this been discussed on the list?  Such alteration of messages send is in itself a form of moderation. even if you
don't remove the virus itself. Something the list charter clearly states it will not do. Besides, why would the FD owners want to
spend money (cpu power required for additional proccesing) on anti-virus while anti-virus is the clients responsibility. Especially
on a security mailing list as this.

If you want to treat virusses difrently by adding a flag then you could have your own virusscanner do it. (and then you have to pay
for the additional proccesing ;-) )


My 2ct



Bill Royds wrote:

>  This virus sent to the list shows the problem of complete lack of
> moderation. What would be best is a filter that does a virus scan and WARNS
> about possible virus, but does not block anything. You would still be
> responsible for personal digital hygiene, but would have a flag to filter
> on.
>
> Here are the headers of this message with McAfee message and a whois on the
> originating MTA IP.
>
> Return-Path: <full-disclosure-admin@...ts.netsys.com>
> Received: from netsys.com (NETSYS.COM [199.201.233.10])
>         by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
>         for <full-disclosure@...ds.net>; Wed, 24 Mar 2004 17:17:19 -0500
> (EST)
> Received: from NETSYS.COM (localhost [127.0.0.1])
>         by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
> i2OM4lJ28528;
>         Wed, 24 Mar 2004 17:04:47 -0500 (EST)
> Received: from kermit ([62.38.237.28])
>         by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
>         for <full-disclosure@...ts.netsys.com>; Wed, 24 Mar 2004 16:27:34
> -0500 (EST)
> To: full-disclosure@...ts.netsys.com
> From: macubergeek@...cast.net
> Message-ID: <qcwokkovsbsisnacbtp@...cast.net>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="--------sbeuunoxpacatulivtum"
> Subject: [Full-Disclosure] meay-meay!
> Sender: full-disclosure-admin@...ts.netsys.com
> Errors-To: full-disclosure-admin@...ts.netsys.com
> X-BeenThere: full-disclosure@...ts.netsys.com
> X-Mailman-Version: 2.0.12
> Precedence: bulk
> List-Unsubscribe:
> <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
>
> <mailto:full-disclosure-request@...ts.netsys.com?subject=unsubscribe>
> List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
> List-Post: <mailto:full-disclosure@...ts.netsys.com>
> List-Help: <mailto:full-disclosure-request@...ts.netsys.com?subject=help>
> List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
>         <mailto:full-disclosure-request@...ts.netsys.com?subject=subscribe>
> List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
> Date: Wed, 24 Mar 2004 23:27:25 +0200
>
> ******************   McAfee VirusScan ************************
> ******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
> *********************************************************************
>
> McAfee VirusScan has detected a potential threat in this e-mail
> sent by macubergeek@...cast.net.
> The following actions were attempted on each suspicious part.
> We strongly recommend that you report this virus-related activity
> to macubergeek@...cast.net.
>
>  The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
> Virus(es).
> This attachment has been cleaned.
>
> ===================whois for sending MUA ==========
>
> 03/25/04 08:29:36 whois 62.38.237.28@...is.ripe.net
>
> whois -h whois.ripe.net 62.38.237.28 ...
> % This is the RIPE Whois server.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See http://www.ripe.net/ripencc/pub-services/db/copyright.html
>
> inetnum:      62.38.0.0 - 62.38.255.255
> netname:      GR-HOL-20010530
> descr:        Hellas On Line S.A.
> descr:        PROVIDER
> country:      GR
> admin-c:      HA194-RIPE
> tech-c:       CO95-RIPE
> status:       ALLOCATED PA
> mnt-by:       RIPE-NCC-HM-MNT
> mnt-lower:    AS3329-MNT
> changed:      hostmaster@...e.net 20010530
> changed:      hostmaster@...e.net 20031210 # gr.hol.aval via
> https://lirportal.ripe.net
> source:       RIPE
>
> route:        62.38.0.0/16
> descr:        HOL
> origin:       AS3329
> mnt-lower:    AS3329-MNT
> mnt-routes:   AS3329-MNT
> mnt-by:       AS3329-MNT
> changed:      tkor@....gr 20010530
> source:       RIPE
>
> role:         HOL Administration
> address:      Hellas On Line S.A.
> address:      Harilaou Trikoupi 151
> address:      N. Kiffisia, Greece 14564
> e-mail:       admin@....gr
> trouble:      Questions....... mail to: noc@....gr
> trouble:      Spam Reports.... mail to: postmaster@....gr
> trouble:      Abuse Reports... mail to: abuse@....gr
> admin-c:      KK5841-RIPE
> tech-c:       AV845-RIPE
> tech-c:       TK583-RIPE
> tech-c:       CO95-RIPE
> nic-hdl:      HA194-RIPE
> mnt-by:       AS3329-MNT
> changed:      vicky@....gr 19970821
> changed:      vicky@....gr 19970826
> changed:      noc@....gr 19981217
> changed:      aval@....gr 20000110
> changed:      aval@....gr 20010314
> changed:      aval@....gr 20020121
> changed:      aval@....gr 20030624
> source:       RIPE
>
> role:         HOL Network Operations Center
> address:      Hellas On Line S.A.
> address:      Harilaou Trikoupi 151
> address:      N. Kiffisia, Greece 14564
> e-mail:       noc@....gr
> trouble:      Questions....... mail to: noc@....gr
> trouble:      Spam Reports.... mail to: postmaster@....gr
> trouble:      Abuse Reports... mail to: abuse@....gr
> admin-c:      KK5841-RIPE
> tech-c:       AV845-RIPE
> tech-c:       TK583-RIPE
> nic-hdl:      CO95-RIPE
> mnt-by:       AS3329-MNT
> changed:      vicky@....gr 19970821
> changed:      noc@....gr 19981217
> changed:      aval@....gr 20000110
> changed:      aval@....gr 20010314
> changed:      aval@....gr 20010320
> changed:      aval@....gr 20010607
> changed:      aval@....gr 20020121
> changed:      tkor@....net 20030909
> source:       RIPE
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> macubergeek@...cast.net
> Sent: March 24, 2004 4:27 PM
> To: full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] meay-meay!
>
>  The access is open !!!
>
> password  for  archive: 01825
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040325/314f00a0/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1477 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040325/314f00a0/smime.bin

Powered by blists - more mailing lists