Re: meay-meay! (virus sent via full-discosure list)

[KUIJPERS Jimmy <jimmy.kuijpers () swift com>]

How many times has this been discussed on the list?  Such alteration of messages send is in itself a form of 
moderation. even if you
don't remove the virus itself. Something the list charter clearly states it will not do. Besides, why would the FD 
owners want to
spend money (cpu power required for additional proccesing) on anti-virus while anti-virus is the clients 
responsibility. Especially
on a security mailing list as this.

If you want to treat virusses difrently by adding a flag then you could have your own virusscanner do it. (and then you 
have to pay
for the additional proccesing ;-) )


My 2ct



Bill Royds wrote:

>  This virus sent to the list shows the problem of complete lack of
> moderation. What would be best is a filter that does a virus scan and WARNS
> about possible virus, but does not block anything. You would still be
> responsible for personal digital hygiene, but would have a flag to filter
> on.
>
> Here are the headers of this message with McAfee message and a whois on the
> originating MTA IP.
>
> Return-Path: <full-disclosure-admin () lists netsys com>
> Received: from netsys.com (NETSYS.COM [199.201.233.10])
>         by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
>         for <full-disclosure () royds net>; Wed, 24 Mar 2004 17:17:19 -0500
> (EST)
> Received: from NETSYS.COM (localhost [127.0.0.1])
>         by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
> i2OM4lJ28528;
>         Wed, 24 Mar 2004 17:04:47 -0500 (EST)
> Received: from kermit ([62.38.237.28])
>         by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
>         for <full-disclosure () lists netsys com>; Wed, 24 Mar 2004 16:27:34
> -0500 (EST)
> To: full-disclosure () lists netsys com
> From: macubergeek () comcast net
> Message-ID: <qcwokkovsbsisnacbtp () comcast net>
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="--------sbeuunoxpacatulivtum"
> Subject: [Full-disclosure] meay-meay!
> Sender: full-disclosure-admin () lists netsys com
> Errors-To: full-disclosure-admin () lists netsys com
> X-BeenThere: full-disclosure () lists netsys com
> X-Mailman-Version: 2.0.12
> Precedence: bulk
> List-Unsubscribe:
> <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
>
> <mailto:full-disclosure-request () lists netsys com?subject=unsubscribe>
> List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
> List-Post: <mailto:full-disclosure () lists netsys com>
> List-Help: <mailto:full-disclosure-request () lists netsys com?subject=help>
> List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
>         <mailto:full-disclosure-request () lists netsys com?subject=subscribe>
> List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
> Date: Wed, 24 Mar 2004 23:27:25 +0200
>
> ******************   McAfee VirusScan ************************
> ******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
> *********************************************************************
>
> McAfee VirusScan has detected a potential threat in this e-mail
> sent by macubergeek () comcast net.
> The following actions were attempted on each suspicious part.
> We strongly recommend that you report this virus-related activity
> to macubergeek () comcast net.
>
>  The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
> Virus(es).
> This attachment has been cleaned.
>
> ===================whois for sending MUA ==========
>
> 03/25/04 08:29:36 whois 62.38.237.28 () whois ripe net
>
> whois -h whois.ripe.net 62.38.237.28 ...
> % This is the RIPE Whois server.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See http://www.ripe.net/ripencc/pub-services/db/copyright.html
>
> inetnum:      62.38.0.0 - 62.38.255.255
> netname:      GR-HOL-20010530
> descr:        Hellas On Line S.A.
> descr:        PROVIDER
> country:      GR
> admin-c:      HA194-RIPE
> tech-c:       CO95-RIPE
> status:       ALLOCATED PA
> mnt-by:       RIPE-NCC-HM-MNT
> mnt-lower:    AS3329-MNT
> changed:      hostmaster () ripe net 20010530
> changed:      hostmaster () ripe net 20031210 # gr.hol.aval via
> https://lirportal.ripe.net
> source:       RIPE
>
> route:        62.38.0.0/16
> descr:        HOL
> origin:       AS3329
> mnt-lower:    AS3329-MNT
> mnt-routes:   AS3329-MNT
> mnt-by:       AS3329-MNT
> changed:      tkor () hol gr 20010530
> source:       RIPE
>
> role:         HOL Administration
> address:      Hellas On Line S.A.
> address:      Harilaou Trikoupi 151
> address:      N. Kiffisia, Greece 14564
> e-mail:       admin () hol gr
> trouble:      Questions....... mail to: noc () hol gr
> trouble:      Spam Reports.... mail to: postmaster () hol gr
> trouble:      Abuse Reports... mail to: abuse () hol gr
> admin-c:      KK5841-RIPE
> tech-c:       AV845-RIPE
> tech-c:       TK583-RIPE
> tech-c:       CO95-RIPE
> nic-hdl:      HA194-RIPE
> mnt-by:       AS3329-MNT
> changed:      vicky () hol gr 19970821
> changed:      vicky () hol gr 19970826
> changed:      noc () hol gr 19981217
> changed:      aval () hol gr 20000110
> changed:      aval () hol gr 20010314
> changed:      aval () hol gr 20020121
> changed:      aval () hol gr 20030624
> source:       RIPE
>
> role:         HOL Network Operations Center
> address:      Hellas On Line S.A.
> address:      Harilaou Trikoupi 151
> address:      N. Kiffisia, Greece 14564
> e-mail:       noc () hol gr
> trouble:      Questions....... mail to: noc () hol gr
> trouble:      Spam Reports.... mail to: postmaster () hol gr
> trouble:      Abuse Reports... mail to: abuse () hol gr
> admin-c:      KK5841-RIPE
> tech-c:       AV845-RIPE
> tech-c:       TK583-RIPE
> nic-hdl:      CO95-RIPE
> mnt-by:       AS3329-MNT
> changed:      vicky () hol gr 19970821
> changed:      noc () hol gr 19981217
> changed:      aval () hol gr 20000110
> changed:      aval () hol gr 20010314
> changed:      aval () hol gr 20010320
> changed:      aval () hol gr 20010607
> changed:      aval () hol gr 20020121
> changed:      tkor () hol net 20030909
> source:       RIPE
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of
> macubergeek () comcast net
> Sent: March 24, 2004 4:27 PM
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] meay-meay!
>
>  The access is open !!!
>
> password  for  archive: 01825
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature