Attachments=No (this rejects the posting)

or Attachments=No, Filter (this accepts the posting but removes the
attachment unbeknownst to the sender)

-----Original Message-----
From: Patrick B. O'Brien [mailto:[log in to unmask]]
Sent: Wednesday, January 28, 2004 3:13 PM
To: [log in to unmask]
Subject: Re: Repercussion of Viruses?


Good job. How would I tell my list not to except an attachment?



-----Original Message-----
From: Paul Russell [mailto:[log in to unmask]]
Sent: Wednesday, January 28, 2004 8:21 AM
To: [log in to unmask]
Subject: Re: Repercussion of Viruses?

Brian Stoughton wrote:

> Hi all.
>
> I'm seeing an issue where virus emails (subject line "Hi" etc...) are
being
> sent to some of our lists.  These lists are restricted so that only
editors
> or owners may send to the list, and they also require confirmation.
The
> owners/editors are claiming that they have not received requests for
> confirmation, and I don't see any evidence in the listserv logs that
show
> otherwise.  Any ideas?
>

These are almost certainly copies of the MyDoom (aka Novarg) virus. The
outbreak
started Monday afternoon and will probably come close to matching the
Sobig.f
outbreak of last August.

MyDoom is a mass-mailing virus which forges the sender addresses on the
messages
it sends, using addresses it finds in files on the infected computers.
It sends
copies of itself to other addresses it finds in files on those
computers.
Apparently, at least one individual associated with your list has an
infected
computer which is sending messages to the list address with an editor's
address
forged as the return address.

You can put an immediate stop to this by configuring the list to require
confirmation on posting. The unfortunate side effect of this change is
that
the individual whose return address was forged on the message will
receive a
confirmation request for each forged message.

You can also configure the list to reject messages with attachments.
This
will have the same unfortunate side effect, except the outbound messages
will
be rejection messages, not confirmation requests.

These are measures you can implement in a matter of minutes, simply by
changing the list configuration.

You can eliminate the problem by introducing email virus protection into
your
mail/list server environment. The Windows and Linux versions of LISTSERV
1.8e
are designed to work with an anti-virus product from F-Secure. If this
is not
a viable option, you can put the LISTSERV server behind an external A/V
server,
or a mail server with A/V protection. At Notre Dame, we run McAfee A/V
software
on our central mail servers, which act as MX hosts for our LISTSERV
server.

--
Paul Russell
Senior Systems Administrator
University of Notre Dame