I sent Peter's mail to one of our malware specialists at Trend Micro. This is his response:
------------------------------------------------------------------ This is where the problem with most mailing lists comes in. Most mailing lists prevent outsiders from posting messages but insiders can post any type of content (without it ever being scanned by any av software). In this case, it looks like some members got infected with one of the mass-mailing Blueworm variants(aka Blackmal). Once infected, the users mailed infected messages and attachments to the mailing list. Most AV scanners (incl. our free Housecall: http://housecall.trendmicro.com) should take care of the infections. http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=Asses+Mpeg%27s&alt=Asses+Mpeg%27s How to prevent this? The admin needs to find a way to 1. prevent attachments altogether or 2. find a way to scan all incoming messages and attachments with AV software before allowing them to be distributed to the entire list. ---------------------------------------------------------------------------------- For the short term, could anyone who is reading the list through Outlook run housecall (http://housecall.trendmicro.com) or the equivalent program from your AV provider? That might stop the current infestation. As for the long-term solution, does someone on this list (Werner?) have authorization to install security software on our mail server or is that under the control of the larger gnu organization?) meg ============History only below =================================================== --- John Doe <[EMAIL PROTECTED]> wrote: > I didn't know this sort of spoofing was still > possible. I remember I used to impress friends by > sending them emails as [EMAIL PROTECTED] as a > kid :) > > The only thing you could reasonably do is press the > smtp admins to put up authentication, start logging, > accept messages from users with a certain email > address only or messages coming from specific IPs only. > > > > __________________________________ > Yahoo! Messenger > Show us what our next emoticon should look like. Join the fun. > http://www.advision.webevents.yahoo.com/emoticontest > > > _______________________________________________ > Groff mailing list > Groff@gnu.org > http://lists.gnu.org/mailman/listinfo/groff > _______________________________________________ Groff mailing list Groff@gnu.org http://lists.gnu.org/mailman/listinfo/groff
