LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Repercussion of Viruses?

Paul Russell <[log in to unmask]>

Wed, 28 Jan 2004 11:20:52 -0500

text/plain (47 lines)

Brian Stoughton wrote:

> Hi all.
>
> I'm seeing an issue where virus emails (subject line "Hi" etc...) are being
> sent to some of our lists.  These lists are restricted so that only editors
> or owners may send to the list, and they also require confirmation.  The
> owners/editors are claiming that they have not received requests for
> confirmation, and I don't see any evidence in the listserv logs that show
> otherwise.  Any ideas?
>

These are almost certainly copies of the MyDoom (aka Novarg) virus. The outbreak
started Monday afternoon and will probably come close to matching the Sobig.f
outbreak of last August.

MyDoom is a mass-mailing virus which forges the sender addresses on the messages
it sends, using addresses it finds in files on the infected computers. It sends
copies of itself to other addresses it finds in files on those computers.
Apparently, at least one individual associated with your list has an infected
computer which is sending messages to the list address with an editor's address
forged as the return address.

You can put an immediate stop to this by configuring the list to require
confirmation on posting. The unfortunate side effect of this change is that
the individual whose return address was forged on the message will receive a
confirmation request for each forged message.

You can also configure the list to reject messages with attachments. This
will have the same unfortunate side effect, except the outbound messages will
be rejection messages, not confirmation requests.

These are measures you can implement in a matter of minutes, simply by
changing the list configuration.

You can eliminate the problem by introducing email virus protection into your
mail/list server environment. The Windows and Linux versions of LISTSERV 1.8e
are designed to work with an anti-virus product from F-Secure. If this is not
a viable option, you can put the LISTSERV server behind an external A/V server,
or a mail server with A/V protection. At Notre Dame, we run McAfee A/V software
on our central mail servers, which act as MX hosts for our LISTSERV server.

--
Paul Russell
Senior Systems Administrator
University of Notre Dame

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM