Re: [alfa] are you guys getting an email saying that it is a virus?

[Richard Welty <rwelty@xxxxxxxxxxxxxxx>]

On Mon, 8 Sep 2003 04:26:18 EDT MRAXLROZE@domain.elided wrote:

> im wondering if its a problem with the digest...if other people are
> getting 
> this mail then it is a virus being sent around thru the alfa digest be
> careful 
> guys..and dont download any files

there are no viruses passing through the digest.

the digest server has two stages of protection at the present time

1) all email to the server with dodgy extensions is rejected outright
   at SMTP time. the list of rejected extensions is right out of the M$
   recommendations. from the server's exim configuration file: 

# Unpack MIME containers and reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
  deny    message = $found_extension files are not accepted here
          demime =  ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta \
                    inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif \
                    reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh

2) all email to the digest is then passed through a perl script named
"demime" (not the same demime as in the exim config) which strips all
surviving attachments as well as html text (converting html to plain
text where necessary) before sending it on to readers.

if you are getting a virus that looks like a digest, there is some other
vector at work. most newer viruses forge From: addresses, this is probably
what you're seeing.

richard
-- 
Richard Welty                                         rwelty@domain.elided
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
--
to be removed from alfa, see /bin/digest-subs.cgi
or email "unsubscribe alfa" to majordomo@domain.elided