nanog mailing list archives
Re: Worm probes
From: "Bill Larson" <blarson () compu net>
Date: Tue, 18 Sep 2001 11:49:29 -0500
I protected against readme.exe specifically several weeks ago. I also proactively filter all incoming emails for executable attachments. [Begin sample] Regarding your message to x msgid=<x () x x net> You are receiving this message due to the fact a possible email attack was detected passing through our mail servers from you. This was probally due to a file attachment. As many of these attachements can run on their own we only allow harmless file types to be sent. If you wish to send this file anyway please use a compression program. If you have further questions please do not hesitate to give me a call at the number below. Bill Larson blarson () compu net Network Administrator [Phone numbers here] REPORT: Trapped poisoned executable "readme.exe" REPORT: Not a document, or already poisoned by filename. Not scanned for macros. STATUS: Message quarantined, not delivered to recipient. -- Message sanitized on ns1.compu.net See http://www.impsec.org/email-tools/procmail-security.html for details. [End sample] Hopefully the notification does some good.
Current thread:
- Re: Worm probes, (continued)
- Re: Worm probes Eric Gauthier (Sep 18)
- Re: Worm probes.. Looking for captures. Michael Airhart (Sep 18)
- Re: Worm probes Chris Grout (Sep 18)
- Re: Worm probes ravi pina (Sep 18)
- RE: Worm probes Mark Radabaugh - Amplex (Sep 18)
- RE: Worm probes Mark Radabaugh - Amplex (Sep 18)
- RE: Worm probes Tim Winders (Sep 18)
- Re: Worm probes Jared Mauch (Sep 18)
- Re: Worm probes Bill Larson (Sep 18)
- Re: Worm probes Christopher X. Candreva (Sep 18)
- Re: Worm probes Bill Larson (Sep 18)
- Re: Worm probes sigma (Sep 18)
- Re: Worm probes Valdis . Kletnieks (Sep 18)
- RE: Worm probes Eric Germann (Sep 18)
- Re: Worm probes Ulf Zimmermann (Sep 18)
- Re: Worm probes k claffy (Sep 18)
- Re: Worm probes Joe Abley (Sep 18)
- Re: Worm probes Daniel Senie (Sep 18)