If you are using Microsoft Outlook and you are reading this message you need to make 500% sure you are not propagating virii. I posted our support (at) nufone d0t net addy on this mailing list last night and have never posted it in an unprotected fashion like that anywhere else. So far today we have received over a hundred email virii to that address.

I suggest you upgrade to a more secure email client that doesn't enable java, javascript or ActiveX.

Jeremy McNamara

I second that... I have received a load of virii from people on this list..

Received: from torch.junct.com (sootbox.junct.com [65.168.64.10])
    by www.bkw.org (8.11.6/8.11.6) with ESMTP id h8MIcEJ06998
    for <brian@bkw.org>; Mon, 22 Sep 2003 13:38:14 -0500
Received: from wdxmvur (unknown [207.41.124.63])
    by torch.junct.com (Postfix) with SMTP
    id 461DF4159; Mon, 22 Sep 2003 13:37:08 -0500 (CDT)

Last one I received.

bkw

On Mon, 22 Sep 2003, Jeremy McNamara wrote:
> If you are using Microsoft Outlook and you are reading this message you
> need to make 500% sure you are not propagating virii. I posted our
> support (at) nufone d0t net addy on this mailing list last night and
> have never posted it in an unprotected fashion like that anywhere else.
> So far today we have received over a hundred email virii to that address.
>
> I suggest you upgrade to a more secure email client that doesn't enable
> java, javascript or ActiveX.
>
> Jeremy McNamara
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users

On Mon, 2003-09-22 at 13:42, Brian West wrote:
> I second that... I have received a load of virii from people on this
> list..
>
> Received: from torch.junct.com (sootbox.junct.com [65.168.64.10])
>     by www.bkw.org (8.11.6/8.11.6) with ESMTP id h8MIcEJ06998
>     for <brian@bkw.org>; Mon, 22 Sep 2003 13:38:14 -0500
> Received: from wdxmvur (unknown [207.41.124.63])
>     by torch.junct.com (Postfix) with SMTP
>     id 461DF4159; Mon, 22 Sep 2003 13:37:08 -0500 (CDT)

For those of you that have no reason whatsoever to receive windows executables, here is a procmail rule that matches the beginning of a windows executable no matter what it is named.

# Base 64 encoded windows executable
:0B:
*TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

You can use this and deliver the mail wherever you want to. This works on the last Sobig, klez and the Swen virus so far. This is what I had in my virii folder to test it against.

--
Steven Critchfield <critch@basesys.com>

Actually, MS Outlook by default blocks all executables. I'm not sure why there is so much negativity around the Outlook client. Perhaps we should all go back to the cave and use Pine.

-Sean

-----Original Message-----
From: asterisk-users-admin@lists.digium.com [mailto:asterisk-users-admin@lists.digium.com] On Behalf Of Steven Critchfield
Sent: Monday, September 22, 2003 2:10 PM
To: asterisk-users@lists.digium.com

On Mon, 2003-09-22 at 13:42, Brian West wrote:
> I second that... I have received a load of virii from people on this
> list..
>
> Received: from torch.junct.com (sootbox.junct.com [65.168.64.10])
>     by www.bkw.org (8.11.6/8.11.6) with ESMTP id h8MIcEJ06998
>     for <brian@bkw.org>; Mon, 22 Sep 2003 13:38:14 -0500
> Received: from wdxmvur (unknown [207.41.124.63])
>     by torch.junct.com (Postfix) with SMTP
>     id 461DF4159; Mon, 22 Sep 2003 13:37:08 -0500 (CDT)

For those of you that have no reason whatsoever to receive windows executables, here is a procmail rule that matches the beginning of a windows executable no matter what it is named.

# Base 64 encoded windows executable
:0B:
*TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

You can use this and deliver the mail wherever you want to. This works on the last Sobig, klez and the Swen virus so far. This is what I had in my virii folder to test it against.

--
Steven Critchfield <critch@basesys.com>

Go back to your cave. On your way, don't forget to patch sendmail (twice in the last 30 days), OpenSSH, gtkhtml, and pam_smb..... Just in the last month.

Linux. Security. Made for the Internet. Made for the cave.

Regards,
Sean

-----Original Message-----
From: asterisk-users-admin@lists.digium.com [mailto:asterisk-users-admin@lists.digium.com] On Behalf Of Steven Critchfield
Sent: Monday, September 22, 2003 3:58 PM
To: asterisk-users@lists.digium.com

On Mon, 2003-09-22 at 15:30, Sean Heiney wrote:
> Actually, MS Outlook by default blocks all executables. I'm not sure
> why there is so much negativity around the Outlook client. Perhaps we
> should all go back to the cave and use Pine.

I'll assume you don't understand the English words you just wrote well enough to defend yourself.

Outlook does not block executables. It receives them via mail like any other mail message. It by default doesn't run executables that are sent as executables. But we all know about the current stupidities of Microsoft in that they look at the mime header to determine if it is safe to use the file (wav, mid, txt, whatever that should be a data file), but then executes the file so that they can use a shortcut to whatever app you defined to run that data file with. The problem being that they package exe files with a mime header for one of those innocuous files and the executable shortcut runs the virus. Not to mention that Outlook is set by default to display HTML email and that an HTML mail with an embedded link to the "data" file inside will cause automatic running of the virus.

So Outlook is not going to block the attachment from taking up residence on your drive. Outlook has poor security checking, and can be easily tricked into doing evil things. Microsoft recently stated themselves that Windows is not designed to sit on the internet out of the box, but requires a fair amount of hardening. This applies to all their other software as well as it is all tightly integrated.

Admit it, Microsoft has been patching crap software for a long time. Linux had an advantage of not caring about market share and trying to do things the right way. Linux also grew up after the internet was around and while it was gaining popularity therefore it has had to grow up in a rough neighborhood and keep itself hardened.

--
Steven Critchfield <critch@basesys.com>
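
Added example, not part of the original thread or any poster's code: a Python sketch of the check the procmail rule performs, extended to decode each MIME part first so the result does not depend on the declared Content-Type, the file name or the transfer encoding (the mismatch described in the reply about MIME headers). The function names, the sample messages and the inert 57-byte header stub are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Literal from the procmail rule in the thread: base64 of a 57-byte DOS/PE header.
RULE_TEXT = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQ" + "A" * 43
# Constructed, inert stub: those same 57 header bytes plus filler, no code.
STUB = (bytes.fromhex("4d5a9000 03000000 04000000 ffff0000 b8000000 00000000 40")
        + bytes(32) + b"constructed filler, not a program")

def rule_matches(raw: bytes) -> bool:
    """Literal check, as the procmail recipe does against the undecoded text."""
    return RULE_TEXT in raw.decode("ascii", "replace")

def executable_parts(raw: bytes):
    """Decode every MIME leaf part and report those starting with 'MZ',
    ignoring the declared Content-Type and file name."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if body[:2] == b"MZ":
            hits.append((part.get_filename(), part.get_content_type()))
    return hits

def sample(data: bytes, subtype: str, filename: str, cte: str) -> bytes:
    """Build a constructed test message with one audio/* attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="audio", subtype=subtype,
                       filename=filename, cte=cte)
    return msg.as_bytes()

if __name__ == "__main__":
    for cte in ("base64", "quoted-printable"):
        raw = sample(STUB, "x-wav", "greeting.wav", cte)
        print(cte, rule_matches(raw), executable_parts(raw))
    wav = sample(b"RIFF\x24\x00\x00\x00WAVEfmt ", "x-wav", "tone.wav", "base64")
    print("benign", rule_matches(wav), executable_parts(wav))
```

The literal pattern only fires when the attachment is base64-encoded; the decoded check reports the part in either encoding and leaves the genuine RIFF/WAVE sample alone.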