Re: [OT] Re: ATTACK TO MY SYSTEM

From: Willy Tarreau
Date: Tue Sep 23 2003 - 15:10:00 EST

Next message: Chris Wright: "Re: [CHECKER] 32 Memory Leaks on Error Paths"
Previous message: Felipe W Damasio: "[PATCH] Memory leak in mtd/chips/cfi_cmdset_0020.c"
In reply to: Wade: "Re: [OT] Re: ATTACK TO MY SYSTEM"
Next in thread: german aracil boned: "ATTACK TO MY SYSTEM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 23, 2003 at 11:50:39AM -0400, Wakko Warner wrote:

> I'm running my own mailserver and it's hard not to accept it. I have
> basically done checks in the from and to headers. If it appears as a virus,
> i lockout the smtp sender. It's not permenant. When the virus stops, i
> unblock every one.

I've noticed that they *ALL* have their From:, To:, and Subject: written in
uppercase. So it's really easy to filter them out depending on the tools used.
If a mail header either matches ^FROM:, ^TO: or ^SUBJECT: then it has high
chances to be a spam/virus. I checked all my recent mails and a few months
back in LKML and did not found anything except spam/viruses which match this.
At least, we should be lucky that these virus writers don't fully respect
protocols...

HTH,
Willy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: [CHECKER] 32 Memory Leaks on Error Paths"
Previous message: Felipe W Damasio: "[PATCH] Memory leak in mtd/chips/cfi_cmdset_0020.c"
In reply to: Wade: "Re: [OT] Re: ATTACK TO MY SYSTEM"
Next in thread: german aracil boned: "ATTACK TO MY SYSTEM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]