Snort mailing list archives

Re: Please virus scan your systems


From: Drew Smith <drew () mutherboard dyndns org>
Date: 11 Feb 2004 23:04:03 -0500

On Wed, 2004-02-11 at 16:33, Matt Southworth wrote:
Bryan Irvine <bryan.irvine () kingcountyjournal com> wrote on Wed, Feb 11, 2004 at 11:30:14AM -0800:
> about the only virus that can get through this list is the honor system
> virus, whereupon receiving it, you delete a bunch of random files,
> forward the email, and reboot.
>
> Those virus alerts are most likely the cause of someone you've emailed
> sometime in your life getting mydoom or a similar virus.  It's pretty
> simple to tell if it came from this list, look for attachments.
>
> It's a coincidence, move on.

I've got to say this does not coincide with my experience. Starting
about 2 weeks ago I've received more than a dozen infected emails to 
the address I use ONLY for snort-users (see above...) - this address
only appears on google in archives of the mailing list. It could be
spam harvested from that, I suppose, but I think it's more likely
that someone who at one time subscribed to this list is or was 
infected.

Not to be insulting or abrupt in any way, but has it occurred to you that
it's quite possible that someone or something has harvested the list for
email addresses? Doesn't it seem rather odd that you seem to be the only
one having the problem if this list really is the source of your
problem? Or perhaps somebody who has been writing to the list from a
'doze system has at some point become infected?

As an example: My father got on me a few weeks ago for having him go to
a site that handles an "opt-out" list since within a day or two he was
getting hammered with crap by the W32-novarg worm. Since I host his
domain I had the ability to figure out within very close proximity just
where the crap was coming from.  As it turned out, my mother had been
staying at my sister's house for a few days and the system was infected
when she got there. That system was sending mail to everyone in my
father's domain from Tom, Dick and Harry to Shirley and Laverne. Through
a process of elimination I managed to find the source.  Fortunately, on
my advice, my father always keeps his 'doze systems virus scanners up to
date and it was only an annoyance.

Either way, it's out of your hands. Good luck trying to find the source.
I had at the most 50 or 60 possibles to deal with. If you suspect this
list you'd be looking in the millions. 

Want a really good url for a spamassassin setup? I'm just putting the
finishing touches on an install. Claims to be 95% effective on spam. I
guess what I'm really saying is, deal with it or let it go. And I don't
in any way mean any offense by that. It's just the reality of it.

Drew


