Full Disclosure mailing list archives

Re: antivirus s/w


From: "I.R. van Dongen" <vdongen () hetisw nl>
Date: Tue, 27 Jan 2004 23:25:15 +0100

Steve Wray wrote:

Randal L. Schwartz
[snip]
PLEASE MAKE SURE that it doesn't send email responses.

I'm getting 500 mydoom an hour.  I can filter those.
I'm getting 1500 AV-responses an hour.  I can't filter those.

Hmmmm surely these AV responses could be trained into spam filters?
Worse are the MTAs that send the mail anyway with the virus renamed to .txt.....

I dedicated a nice section of my access file for blocks that do exactly that:

##### smtp hosts die virussen strippen maar toch zenden
150.214.35.28  550 Plz fix smtp to not send viruswarnings to innocent ppl
xtra.co.nz     550 Plz fix smtp to not send viruswarnings to innocent ppl
24.94.166      550 Plz fix smtp to not send viruswarnings to innocent ppl
24.25.9         550 Plz fix smtp to not send viruswarnings to innocent ppl
65.32.5         550 Plz fix smtp to not send viruswarnings to innocent ppl
66.75.162       550 Plz fix smtp to not send viruswarnings to innocent ppl
202.144.76      550 Plz fix smtp to not send viruswarnings to innocent ppl
217.10.192      550 Plz fix smtp to not send viruswarnings to innocent ppl
63.84.236.56    550 Plz fix smtp to not send viruswarnings to innocent ppl
193.189.160.25  550 Plz fix smtp to not send viruswarnings to innocent ppl
194.247.192.243 550 Plz fix smtp to not send viruswarnings to innocent ppl
200.199.222.131 550 Plz fix smtp to not send viruswarnings to innocent ppl
212.34.224.150  550 Plz fix smtp to not send viruswarnings to innocent ppl
65.24.5         550 Plz fix smtp to not send viruswarnings to innocent ppl

(rough translation of the comment: smtp hosts that strip viruses but send anyway)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
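
Added example, not part of the original post: a simplified Python model of how a sendmail-style access map matches a connecting client against entries like the ones above, showing that a partial address such as 24.25.9 matches on octet boundaries and a domain entry also covers its subdomains. The client addresses and hostnames in the comments and checks are constructed, the function names are hypothetical, and the lookup order is an assumption of this sketch.

```python
# Simplified model of an access-map lookup; not sendmail's own code.
# Three entries are copied from the post above; everything else is constructed.
ACCESS_TEXT = """\
##### smtp hosts die virussen strippen maar toch zenden
150.214.35.28  550 Plz fix smtp to not send viruswarnings to innocent ppl
xtra.co.nz     550 Plz fix smtp to not send viruswarnings to innocent ppl
24.25.9        550 Plz fix smtp to not send viruswarnings to innocent ppl
"""


def parse_access(text):
    """Return {key: action}, skipping blank lines and '#' comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action
    return table


def candidates_ip(ip):
    """Full address first, then drop trailing octets: a.b.c.d, a.b.c, a.b, a."""
    parts = ip.split(".")
    for n in range(len(parts), 0, -1):
        yield ".".join(parts[:n])


def candidates_host(host):
    """Full hostname first, then each parent domain."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def lookup(table, client_ip, client_host=None):
    """Return (matched_key, action) for the first hit, or None."""
    keys = list(candidates_ip(client_ip))
    if client_host:
        keys += list(candidates_host(client_host))
    for key in keys:
        if key in table:
            return key, table[key]
    return None


TABLE = parse_access(ACCESS_TEXT)
```

Because whole octets and whole labels are compared, 24.25.9 covers 24.25.9.77 but not 24.25.90.77, which a plain string-prefix test would get wrong.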

