To:
CertaintyTech - Ed Henderson; Amauri Bailon;
[EMAIL PROTECTED]Subject: Re:
[Qmail-scanner-general]klez
In the qmail-scanner-queue.pl i have got the
below as follow:-
# ./configure --spooldir /var/spool/qmailscan
--qmaildir /var/qmail --bindir /var/qmail/bin --qmail-queue-binar
report did not go to
the recips.
Please help
- Original Message -
From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]>
To: "Amauri Bailon" <[EMAIL PROTECTED]>;
"Nicholas Chua" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, May 09
>
> Perlscanner is blocking all those illegal attachments. It send emails to
> root and the sender. But i would like it a email to the recipent too. Is
> there a way to do it?
./configure --help is your friend. It will show you all of the options with
one being the ability to notify recips. Or
ua" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, May 07, 2002 3:06 AM
Subject: RE: [Qmail-scanner-general]klez
> >
> > How do i add Klez into the perlscanner?
> >
> > - Original Message -
> > From: "CertaintyTech - Ed Henderson"
>
> How do i add Klez into the perlscanner?
>
> - Original Message -
> From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]>
> To: "Nicholas Chua" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Tuesday, May 07, 2002 1:51 AM
> Subject: RE: [Qmail-scanner-general]Permission eroor
>
F
On Tuesday 07 May 2002 02:49, Hubbard, David wrote:
> Just put something like the following in your pattern file, with spaces
> being tabs of course, and you should block most viruses. You can add
> other extensions like .exe at your discretion, some user communities
> won't tolerate exe's from b
On Tuesday 07 May 2002 02:40, Nicholas Chua wrote:
> How do i add Klez into the perlscanner?
Isn't it better to rely on your virus scanner? AFAIK, Klez (and its variants)
has a multitude of subject headings, body text and attaches itself to files
picked at random from the victim's system it mak
]
> Sent: Monday, May 06, 2002 2:40 PM
> To: [EMAIL PROTECTED]
> Subject: [Qmail-scanner-general]klez
>
>
> How do i add Klez into the perlscanner?
>
> - Original Message -
> From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]>
> To: &qu
How do i add Klez into the perlscanner?
- Original Message -
From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]>
To: "Nicholas Chua" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, May 07, 2002 1:51 AM
Subject: RE: [Qmail-scanner-general]Permission eroor
> > Sending standar
On 2 May 2002 18:02, Rick Macdougall <[EMAIL PROTECTED]> wrote.
> Just a quick thought on that. Under XP the IP address can be spoofed.
It's irrelevant. If your qmail runs on a normal OS, IP address for a TCP/SMTP
connection
can't be spoofed. "Received" lines can be, tho.
TECTED]>
Sent: Thursday, May 02, 2002 6:42 PM
Subject: RE: [Qmail-scanner-general]Klez
Ya ... yet another thanks to MS ...
You're taking all the fun out of it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
Rick Macdougall
Sent: Thursday, May 0
Ya ... yet another thanks to MS ...
You're taking all the fun out of it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
Rick Macdougall
Sent: Thursday, May 02, 2002 3:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Klez
Hi,
Just a quick thought on that. Under XP the IP address can be spoofed.
Regards,
Rick
- Original Message -
From: "Charles J. Boening" <[EMAIL PROTECTED]>
To: "'Jason Haar'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday,
just don't understand the message.
Just some thoughts.
Charles
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
Jason Haar
Sent: Thursday, May 02, 2002 2:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [Qmail-scanner-general]Klez
On Thu, May 02, 2002 at 11:22:59AM -
>
>
> Well I'm not sure of what you guys do (haven't been watching this
> thread too closely), but I just hacked up the is_replyable_email()
> function to return 1 on certain viruses like Illegal MIME Headers
> (which just turn out to be spam from address that don't work any
> way), and certain vi
in viruses like Klez.
Maybe this could be a feature to think about?
- Original Message -
From: "Jason Haar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 02, 2002 4:11 PM
Subject: Re: [Qmail-scanner-general]Klez
> On Thu, May 02, 2002 at 11:22:59A
On Thu, May 02, 2002 at 11:22:59AM -0700, Surly Zek wrote:
> adding the source
> ip for people to use when troubleshooting has been
> saving many people many headaches.
How?
I'm glad you have found your own solution, however it really only deals with
Klez. There is no one "right" way of dealing
> Thanks for the info. As I suspected its time to
> turn off notifications to
> senders.
This may not be necessary. I made the following two
changes and the Klez situation is much better now.
1) Enable the sub-sender-cache.pl from the crontrib
folder.
2) Add the source IP address to the heade
> Yeah... Klez is a real serious pain...
>
> It will randomly grab email addresses from an infected person's
> addressbook, OR it will grab email addresses from ANY file on ANY
> drive it has access to. It then will use these random addresses
> for the TO: field, and for the FROM field both in th
Yeah... Klez is a real serious pain...
It will randomly grab email addresses from an infected person's addressbook, OR it
will grab email addresses from ANY file on ANY drive it has access to. It then will
use these random addresses for the TO: field, and for the FROM field both in the
envel
On Thu, 2 May 2002 12:20:12 -0400 CertaintyTech - Ed Henderson
<[EMAIL PROTECTED]> wrote:
CEH> I see that Klez changes the MAIL_FROM as compared to the "From:" address. I
CEH> assume the From: is the correct one but of course Q-S sends a notice to the
CEH> MAIL_FROM. Where does it get the MAIL
I see that Klez changes the MAIL_FROM as compared to the "From:" address. I
assume the From: is the correct one but of course Q-S sends a notice to the
MAIL_FROM. Where does it get the MAIL_FROM address from? Are the notices
being sent to the wrong person?
THanks for any enlightenment,
Ed.
22 matches
Mail list logo
