FAQ
Hey folks,
I'm wondering if you could reccomend a good anti-virus filter/scanner
thing that I can use to scan the mail going through my lists, ideally
one that would alert me and/or the list admin before sending out mail
that was potentially infected.

thanks,

-arif

--
Arif Mamdani, Circuit Rider
LINC Project -- Welfare Law Center
www.lincproject.org www.welfarelaw.org
p: 212.633.6967
arif at welfarelaw.org

Search Discussions

  • Enriko Groen at Jun 1, 2001 at 2:16 pm

    -----Original Message-----
    From: Arif Mamdani [mailto:arif at welfarelaw.org]
    Sent: Friday, June 01, 2001 16:16
    To: mailman-users at python.org
    Subject: [Mailman-Users] Know of a good anti-virus filter?

    Hey folks,
    I'm wondering if you could reccomend a good anti-virus filter/scanner
    thing that I can use to scan the mail going through my lists, ideally
    one that would alert me and/or the list admin before sending out mail
    that was potentially infected.
    Okay, this one is pretty basic and probably a bit at 'doh!'-level, but the
    best way is to strip any attachments.

    Personally I think mailinglists should not be used for attachments... but
    that's MHO.

    --
    Enriko Groen, Hosting manager
    --------------------------------------------------------
    netivity bv www.netivity.nl enriko.groen at netivity.nl
    038 - 850 1000 van nagellstraat 4 8011 eb zwolle
    --------------------------------------------------------
  • Arif Mamdani at Jun 1, 2001 at 2:37 pm
    Stripping attachments would be the ideal, but it's not realistic for
    what my lists are being used for. So, aside from stripping
    attachements, what else is out there that will help me cut down on the
    number of virus being spread far and wide by users on my lists?
    -arif

    On 01 Jun 2001 16:16:30 +0200, Enriko Groen wrote:

    -----Original Message-----
    From: Arif Mamdani [mailto:arif at welfarelaw.org]
    Sent: Friday, June 01, 2001 16:16
    To: mailman-users at python.org
    Subject: [Mailman-Users] Know of a good anti-virus filter?

    Hey folks,
    I'm wondering if you could reccomend a good anti-virus filter/scanner
    thing that I can use to scan the mail going through my lists, ideally
    one that would alert me and/or the list admin before sending out mail
    that was potentially infected.
    Okay, this one is pretty basic and probably a bit at 'doh!'-level, but the
    best way is to strip any attachments.

    Personally I think mailinglists should not be used for attachments... but
    that's MHO.

    --
    Enriko Groen, Hosting manager
    --------------------------------------------------------
    netivity bv www.netivity.nl enriko.groen at netivity.nl
    038 - 850 1000 van nagellstraat 4 8011 eb zwolle
    --------------------------------------------------------


    ------------------------------------------------------
    Mailman-Users maillist - Mailman-Users at python.org
    http://mail.python.org/mailman/listinfo/mailman-users
    --
    Arif Mamdani, Circuit Rider
    LINC Project -- Welfare Law Center
    www.lincproject.org www.welfarelaw.org
    p: 212.633.6967
    arif at welfarelaw.org
  • J C Lawrence at Jun 1, 2001 at 4:28 pm

    On 01 Jun 2001 10:37:23 -0400 Arif Mamdani wrote:

    Stripping attachments would be the ideal, but it's not realistic
    for what my lists are being used for. <sigh>
    So, aside from stripping attachements, what else is out there that
    will help me cut down on the number of virus being spread far and
    wide by users on my lists?
    AVScan or I think Amavis (?) is the one I normally hear about.
    Easier I think it so use demime/mimefilter/mimestrip to remove
    selected MIME parts, and in this case specifically everything other
    than the bits you want to allow.

    --
    J C Lawrence claw at kanga.nu
    ---------(*) http://www.kanga.nu/~claw/
    The pressure to survive and rhetoric may make strange bedfellows
  • Len Merikanto at Jun 2, 2001 at 6:21 am

    On 1 Jun 2001, Arif Mamdani wrote:

    Stripping attachments would be the ideal, but it's not realistic for
    what my lists are being used for. So, aside from stripping
    attachements, what else is out there that will help me cut down on the
    number of virus being spread far and wide by users on my lists?
    -arif
    We use Trends Viruswall works ok scans all outgoing mail and all incoming
    mail. Little problems with sum free webmail sites as they dont handle
    attachments as planned in rfc.
  • Norbert Bollow at Jun 1, 2001 at 2:44 pm

    I'm wondering if you could reccomend a good anti-virus filter/scanner
    thing that I can use to scan the mail going through my lists, ideally
    one that would alert me and/or the list admin before sending out mail
    that was potentially infected.
    Stripping all attachments is certainly a good start. Then it
    has recently been pointed out on Bugtraq that it is possible
    to infect users of web-mail systems such as hotmail or yahoo
    by means of malicious URLs (see below). Because I haven't
    gotten around to learning how to do it in Python, I filter in
    a little Perl script on the regular expression

    /https?:\S*(%3a|\:)(%2f|\/)(%2f|\/)/i

    (I'd certainly appreciate a patch for Mailman that makes it hold
    messages which contain such suspicious URLs).

    Greetings, Norbert.

    --snip------------------------------------------------------------

    List-Id: <bugtraq.list-id.securityfocus.com>
    List-Post: <mailto:bugtraq at securityfocus.com>
    List-Help: <mailto:bugtraq-help at securityfocus.com>
    List-Unsubscribe: <mailto:bugtraq-unsubscribe at securityfocus.com>
    List-Subscribe: <mailto:bugtraq-subscribe at securityfocus.com>
    From: mparcens at hushmail.com
    Date: Wed, 30 May 2001 19:18:08 -0500 (EDT)
    To: bugtraq at securityfocus.com
    Content-type: multipart/mixed; boundary="Hushpart_boundary_dAfMJfpqUApfpvnobyxrXSpSoIJaULVu"
    Subject: Yahoo/Hotmail scripting vulnerability, worm propagation

    --Hushpart_boundary_dAfMJfpqUApfpvnobyxrXSpSoIJaULVu
    Content-type: text/plain

    Title: Yahoo/Hotmail scripting vulnerability, worm propagation


    Synopsis

    Cross-site-scripting holes in Yahoo and Hotmail make it possible to replicate
    a Melissa-type worm through those webmail services.


    Description

    An email is sent to the victim, who uses Yahoo Mail or Hotmail. Inside the
    email is a link to yahoo or hotmail's own server. The link contains escaped
    javascript that is executed when the page is loaded. That javascript then
    opens a window that could nagivate through the victim's inbox, sending messages
    with the malicious link to every email address it finds in the inbox. Because
    the malicious javascript executes inside a page from the mail service's
    own server, there is no domain-bounding error when the javascript is controlling
    the window with the victim's inbox.


    Who is vulnerable

    Users of the Yahoo Mail and Hotmail service. Although the exploit requires
    a user to click on a link, two things work for this exploit. (1) The email
    comes from a familiar user (sent by the worm), and (2) The link is to a
    familiar, trusted server. Theoretically, more services are vulnerable, due
    to the proliferation of these holes, but the worm is limited to web mail
    services.


    Proof-of-Concept

    Sample links and the worm code can be found at: http://www.sidesport.com/webworm/


    Solution

    Escaping all query data that is echoed to the screen eliminates this problem.
    This must be done on every page on a server that can send or read mail for
    the service.


    Vendor Status

    Both Yahoo and Hotmail were notified on May 23 2001.


    -mparcens
    mparcens at hushmail.com

    Free, encrypted, secure Web-based email at www.hushmail.com
    --Hushpart_boundary_dAfMJfpqUApfpvnobyxrXSpSoIJaULVu--


    IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
    Get your FREE, totally secure email address at http://www.hushmail.com.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedJun 1, '01 at 2:16p
activeJun 2, '01 at 6:21a
posts6
users5
websitelist.org

People

Translate

site design / logo © 2021 Grokbase