LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Spamming alert for [log in to unmask] (Hybris virus message)

Paul Russell <[log in to unmask]>

Wed, 10 Jan 2001 10:34:27 -0500

text/plain (47 lines)

To the best of my knowledge, the ATTACHMENTS= keyword is a list
configuration keyword, not a site configuration keyword, and there is no
site configuration keyword that provides the same functionality on a
site-wide basis. On the other hand, the FILTER_ALSO keyword in the site
configuration file applies to every message processed by LISTSERV,
regardless of how the message is addressed or how individual list owners
have configured their respective lists regarding attachments.

I have seen several hundred copies of the Hybris virus in the past several
weeks, and most, if not all of them had "[log in to unmask]" as the
return address. I did not suggest that you could block every version of
every virus by adding this address to the FILTER_ALSO keyword in your site
configuration file, however, it does appear to be the quickest, easiest,
most cost-effective way to block what appears to be a common version of
a current virus.

There are, of course, other ways to address this problem.

You could block most copies of this version of this virus by configuring
LISTSERV to reject messages in excess of 400 lines. Unfortunately, there
is no way to do this on a site-wide basis without using an obsolete site
configuration keyword.

You could block most copies of this version of this virus by configuring
the LISTSERV server's SMTP service to reject messages in excess of 30 KB,
however, you must be sure that the limit applies only to inbound messages,
or you may find that you have blocked large digests and other large files
sent by LISTSERV in response to requests from list owners and subscribers.

You could block most copies of this version of this virus by implementing
content filters for the LISTSERV server's SMTP service, however, this
could have an impact on system performance and may violate some sites'
privacy policies.

You may be able to block this and other virii by installing and using
virus-protection software with up-to-date virus signature files. This
could be classified as content filtering, but I doubt that you will find
much opposition based on that argument. In the long run, this may be the
most effective way to deal with virus problems, however, you may want to
take stop-gap measures to provide some degree of protection until the
virus-protection software can be installed.

--
Paul Russell
Senior Systems Administrator
University of Notre Dame

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM