Is there a way that our site admins can get the SMTP to drop these fellahs?
Just
add a filter to drop all messages with MyDomm or Novarg. I think that
MimeDefang
(if my memory is good) can do stuff like that easily. This thing is spreading
as
fast as sobig.F and it uses spoofing. As such, odds are that we'll be flooded
with those annoying autoreplies.
All in favor say aye!
;)
-- Marc-André Laverdière (†) Étudiant coop. en génie logiciel - Software Engineering Co-Op Student Université Concordia - Concordia University /"\ \ / ASCII Ribbon Campaign X against HTML e-mail / \ Selon postmaster_at_syntegra.nhs.uk: > > > The message apparently sent by you has been processed by Brightmail(TM) > Anti- > Virus using Symantec's Norton AntiVirus Technology. > > document.pif was infected with the malicious program W32.Novarg.A_at_mm . > It has been deleted because the file cannot be cleaned. It is not necessary > to forward this message if you don't need information. > > Since most current email viruses disguise the address they came from, it is > quite possible that the > person named as the sender is not, in fact, the sender. > > There is no need to report this incident to the Threat Assessment Centre > (david.harley_at_nhsia.nhs.uk) > unless you have a query. > > Most email viruses and worms alter messages so that the mail address from > which > they mailed themselves cannot be identified. Viruses that do this include > Mimail, Sobig, Klez, Yaha and so on, but there are many others, so it is > quite possible that you didn't send the message and don't have an infected > system. > > If you are in any doubt as to whether you may be infected, please take > appropriate > measures, including updating your anti-virus software. > > If you are employed by the NHS, you should contact the Threat Assessment > Centre > (david.harley_at_nhsia.nhs.uk) for further information and to check whether > further > action is needed. > > For more information on security reporting and alerts within > the NHS, visit > http://nww.nhsia.nhs.uk/security/pages/default.asp. > > For more information on anti-virus tips and technology, visit > http://www.brightmail.com/antivirus > > > Headers of infected message: > > From: ipaq_at_handhelds.org > To: rfcruh_at_royalhospitals.n-t.nhs.uk > Subject: test > Date: Wed, 28 Jan 2004 07:59:17 +0000 > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_0012_667311B0.C6A7D7D0" > X-Priority: 3 > X-MSMail-Priority: Normal > Message-Id: <E1Alkbc-0007Gn-HR_at_mail13.nhs.uk> > > >Received on Wed Jan 28 2004 - 14:05:43 EST
This archive was generated by hypermail 2.2.0 : Mon Jul 25 2005 - 18:33:25 EDT