Full Disclosure mailing list archives

Re: viruses being sent to this list


From: John Sage <jsage () finchhaven com>
Date: Wed, 24 Mar 2004 06:42:35 -0800

/*
   the thread that refused to die...
   ...now with extra! extra! life.
*/

On Wed, Mar 24, 2004 at 02:34:33PM +0200, Gadi Evron wrote:
> From: Gadi Evron <ge () egotistical reprehensible net>
> User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
> To: Full-Disclosure <full-disclosure () lists netsys com>
> CC: John Cartwright <johnc () grok org uk>
> Subject: Re: [Full-disclosure] viruses being sent to this list
> Date: Wed, 24 Mar 2004 14:34:33 +0200
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As I got a response from the managers, I am happy. And I took it
> off-list.
>
> They asked for us to send any responses to them directly rather than
> on-list, and I did. However, this has now become a different thread,
> so I will try and contribute.
>
> The samples below could have been detected by any AV using
> signatures alone. Thus, without any heuristics, not risking false
> positives or requiring more time spent on moderation.

I don't use any AV software. Don't need it.

And I appreciate getting virii from this list (No! seriously!) and
several other lists I participate in because it gives me the
opportunity to examine and collect examples of what's out there.


> If anything, it should help out on moderating all the viruses that get
> sent from off-list addresses, by saving time, and with no risk of new
> stuff not getting to the list due to a false positive.

How would you filter against off-list addresses that are obviously
spoofed?  Limit the list's traffic to members only?


> Also, it might be a good idea to amend the list's charter to include
> an "if you use this list, it is under your own blah blah and viruses
> get sent, blah blah". For future protection.

In other words:

"You're an adult. Try 1) thinking; and 2) simply becoming responsible
for yourself."



- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

