On Wed, 4 Feb 2004, Louis-David Perron wrote: > I don't know if the list masters can do anything about it, but I > created this e-mail address especially to post on this list about an > apache problem less than 48 hours ago. Since I posted the message, it > took less than 12 hours before I started to receive the "Last > Microsoft Upgrade" & "New Net Patch" virus... an e-mail body with a > nice "Microsoft web site" looking. The virus is named [EMAIL PROTECTED]
Yes, same here since a few months. 150Kb each. About 100 messages a day. > So what I'm asking is: - Is there any members of this mailing list > infected by this virus? > > - Is there anybody spying on the list to send viruses? Probably not. It could just be that people having the virus have access to the messages of this list via newsgroups. > - Is there anything we can do about it? * Filter it. If it helps, I use something like this: :0 * > 120000 * < 170000 * B ?? base64 * B ?? ^TVqQAA * B ?? ^ZGUuDQ0KJAAAAAAAAAB\+i6hSOurGATrqxgE66sYBQfbKATvqxgG59sgBLerGAdL1zAEA6s swen.a * Analyze the Received: headers and complain to the ISP of the person sending you the virus. Do many of them come from IPs in the form 62.253.162.x and 62.253.164.x, as in my case? * It is even possible that the swen.a virus forges the sender but *not* the envelope sender. If this were true (which I'm not sure) then you could know the email address of the person sending you the virus by looking at the Return-Path. * Perhaps we should seriously consider asking the relevant parties to stop the list2news gateway *until* we have a way to obfuscate the addresses in the news. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
