Snort mailing list archives
Re: Please virus scan your systems
From: Drew Smith <drew () mutherboard dyndns org>
Date: 11 Feb 2004 23:04:03 -0500
On Wed, 2004-02-11 at 16:33, Matt Southworth wrote:
Bryan Irvine <bryan.irvine () kingcountyjournal com> wrote on Wed, Feb 11, 2004 at 11:30:14AM -0800: ¡ about the only virus that can get through this list is the honor system ¡ virus, whereupon receiving it, you delete a bunch of random files, ¡ forward the emal, and reboot. ¡ ¡ Those virus alert are most likely the cause of someone you've emailed ¡ sometime in your life getting mydoom or a similar virus. It's pretty ¡ simple to tell if it came from this list, look for attachements. ¡ ¡ It's a coincidence move on. I've got to say this doesn not coincide with my experience. Starting about 2 weeks ago I've received more than a dozen infected emails to the address I use ONLY for snort-users (see above...) - this adress only appears on google in archives of the mailing list. It could be spam harvested from that, I suppose, but I think it's more likely that someone who at one time subscribed to this list is or was infected.
Not to be insulting or abrupt in anyway, but has it occured to you that it's quite possible that someone or something has harvested the list for email addresses? Doesn't it seem rather odd that you seem to be the only one having the problem if this list really is the source of your problem? Or perhaps somebody who has been writing to the list from a 'doze system has at some point has become infected? As an example: My father got on me a few weeks ago for having him go to a site handles an "opt-out" list since within a day or two later he was getting hammered with crap by the W32-novarg worm. Since I host his domain I had the ability to figure out within very close proximity just where the crap was coming from. As it turned out, my mother had been staying at my sister's house for a few days and the system was infected when she got there. That system was sending mail to everyone in my father's domain from Tom, Dick and Harry to Shirley and Laverne. Through a process of elimination I managed to find the source. Fortunately, on my advice, my father always keeps his 'doze systems virus scanners up to date and it was only an annoyance. Either way, it's out of you hands. Good luck trying to find the source. I had at the most 50 or 60 possible's to deal with. If you suspect this list you'd be looking in the millions. Want a really good url for a spamassassin setup? I'm just putting the finishing touches on an install. Claims to be 95% effective on spam. I guess what I'm really saying is, deal with it or let it go. And I don't in any way mean any offense by that. It's just the reality of it. Drew ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Please virus scan your systems Vines Scott D 2d Lt AFFTC/IT (Feb 11)
- Re: Please virus scan your systems Keith W. McCammon (Feb 11)
- Re: Please virus scan your systems Bryan Irvine (Feb 11)
- Re: Please virus scan your systems Matt Southworth (Feb 11)
- Re: Please virus scan your systems Drew Smith (Feb 11)
- Re: Please virus scan your systems Josh Berry (Feb 11)
- Re: Please virus scan your systems Matt Kettler (Feb 11)
- Re: Please virus scan your systems Matt Southworth (Feb 11)