Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus. -Dennis
* Dennis Dayman:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus.
As far as I know. mainly webmail providers were affected, and their issues are traditionally not discussed on this list.
--On December 2, 2005 2:02:15 PM -0600 Dennis Dayman <dennis@thenose.net> wrote:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus.
I've been seeing a few really large bursts into our mailserver. Not sure if it's a new variant or a reoccurrence of an old strain. I put in a good number of new port 25 inbound blocks for infected systems and attempted to put up a few checks inside of our front end mail servers rather than in the virus and spam filtering (which happens later for us, so for bad surges we put a few custom rules up front early in postfix). Isn't anything we can't handle at this point but it was pretty ugly for a while there.
At 03:12 PM 12/2/2005, Michael Loftis wrote:
--On December 2, 2005 2:02:15 PM -0600 Dennis Dayman <dennis@thenose.net> wrote:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus.
I've been seeing a few really large bursts into our mailserver. Not sure if it's a new variant or a reoccurrence of an old strain. I put in a good number of new port 25 inbound blocks for infected systems and attempted to put up a few checks inside of our front end mail servers rather than in the virus and spam filtering (which happens later for us, so for bad surges we put a few custom rules up front early in postfix).
Only stuff we're seeing is a lot of blowback from dumb mail systems that accept email, THEN scan for viruses, and ultimately decide to send a note back to the From: address in the body of the infected email. Since the From: is invariably forged, the uninvolved owner of those forged email addresses gets hammered. Can people building virus scanning devices PLEASE GET A %^&*^ CLUE? This means you, Barricuda Networks, more than anyone else, but we also see this annoyance from Symantec devices, and from some AOL systems as well. Blasting a note back does two things: 1. It allows the worm or virus author an opportunity to implement an amplified attack on a third party using your filtering systems. 2. The bounce messages mostly include an advertisement for the filtering box's vendor. Get a clue... this is a REALLY negative advertisement for your spam & virus filtering technology. If you can't manage to realize the virus laden email should perhaps be dropped, then it makes your box look poorly designed. Oh, and please delete the infected file rather than sending that along too. OK, off my soapbox. Dan
On Friday 02 December 2005 14:27, Daniel Senie wrote:
Oh, and please delete the infected file rather than sending that along too.
Here, Here!!!! Roughly 50 percent of the sober messages I have been getting hammered with are the basic "sorry we could not deliver your virus message, so here it is" - intact.... -- Larry Smith SysAd ECSIS.NET sysad@ecsis.net
On 12/3/05, Daniel Senie <dts@senie.com> wrote:
Can people building virus scanning devices PLEASE GET A %^&*^ CLUE? This means you, Barricuda Networks, more than anyone else, but we also see this annoyance from Symantec devices, and from some AOL systems as well.
The worst offenders that I see - MailMarshal eSafe Symantec devices, as you say Comparatively little from Barracudas. And some large carriers / ISPs who send bounces / virus notifications back with (for example) notexist@[isp] as the return path instead of MAIL FROM:<>
On Fri, 2 Dec 2005, Dennis Dayman wrote:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus.
viruses in general don't bother backbone folks? besides, don't use outlook and you don't get infected?
On Fri, Dec 02, 2005 at 09:06:57PM +0000, Christopher L. Morrow wrote:
On Fri, 2 Dec 2005, Dennis Dayman wrote:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus.
viruses in general don't bother backbone folks? besides, don't use outlook and you don't get infected?
Why would anyone not trolling for viruses use MS mail products, Chris? -- Joe Yao ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies.
Joseph S D Yao wrote:
On Fri, Dec 02, 2005 at 09:06:57PM +0000, Christopher L. Morrow wrote:
On Fri, 2 Dec 2005, Dennis Dayman wrote:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus. viruses in general don't bother backbone folks? besides, don't use outlook and you don't get infected?
Why would anyone not trolling for viruses use MS mail products, Chris?
Because they are "forced" or "told" to by their MIS department? Sometimes the blind do lead the blind...and the blind follow (who's leading?) :-) It's also worth pointing out that MS mail products generally include a lot more functionality than just email. Calendaring and workflow are in high demands. Give MIS departments a better product and they will use it. -Jim P.
On Fri, 02 Dec 2005 19:09:23 -0500 Jim Popovitch <jimpop@yahoo.com> wrote:
Joseph S D Yao wrote:
Why would anyone not trolling for viruses use MS mail products, Chris?
Because they are "forced" or "told" to by their MIS department? Sometimes the blind do lead the blind...and the blind follow (who's leading?) :-)
It's also worth pointing out that MS mail products generally include a lot more functionality than just email. Calendaring and workflow are in high demands. Give MIS departments a better product and they will use it.
-Jim P.
What makes MS products so wonderful is they include much more functionality than many other products. What makes MS products so horrible is that the add functionality by making users' systems vulnerable to security threats under the guise of helpfulness (e.g., VB scripting, auto preview in Outlook). We too saw a large surge in e-mail bounces hitting our site. Our IronPort e-mail gateways are configured to drop viruses laden and undeliverable messages rather than bounce them to the victimized "from" sender. Why Fortune-500 e-mail administrators cannot figure out this one is confounding. How about a nice article in WSJ, Fortune, or Forbes which lists the companies with misconfigured systems so investors are informed as to the IT infrastructure of their investments? "If you're not part of the solution, you're part of the problem." matthew black california state university, long beach
On Fri, 2 Dec 2005, Joseph S D Yao wrote:
On Fri, Dec 02, 2005 at 09:06:57PM +0000, Christopher L. Morrow wrote:
On Fri, 2 Dec 2005, Dennis Dayman wrote:
Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus.
viruses in general don't bother backbone folks? besides, don't use outlook and you don't get infected?
Why would anyone not trolling for viruses use MS mail products, Chris?
ya know... I never thought of it that way :)
participants (11)
-
Christopher L. Morrow -
Daniel Senie -
Dennis Dayman -
Florian Weimer -
Jim Popovitch -
Joseph S D Yao -
Larry Smith -
Matthew Black -
Michael Loftis -
Randy Bush -
Suresh Ramasubramanian