mailing list archives
Re: viruses being sent to this list
From: John Sage <jsage () finchhaven com>
Date: Wed, 24 Mar 2004 06:42:35 -0800
the thread that refused to die...
...now with extra! extra! life.
On Wed, Mar 24, 2004 at 02:34:33PM +0200, Gadi Evron wrote:
From: Gadi Evron <ge () egotistical reprehensible net>
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
To: Full-Disclosure <full-disclosure () lists netsys com>
CC: John Cartwright <johnc () grok org uk>
Subject: Re: [Full-disclosure] viruses being sent to this list
Date: Wed, 24 Mar 2004 14:34:33 +0200
-----BEGIN PGP SIGNED MESSAGE-----
As I got a response from the managers, I am happy. And I took it
They asked for us to send any responses to them directly rather than
on-list, and I did. However, this has now become a different thread,
so I will try and contribute.
The samples below could have been detected by any AV using
signatures alone. Thus, without any heuristics, not risking false
positives or requiring more time spent on moderation.
I don't use any AV software. Don't need it.
And I appreciate getting virii from this list (No! seriously!) and
several other lists I participate in because it gives me the
opportunity to examine and collect examples of what's out there.
If anything, it should help out on moderating all the viruses that get
sent from off-list addresses, by saving time, and with no risk of new
stuff not getting to the list due to a false positive.
How would you filter against off-list addresses that are obviously
spoofed? Limit the list's traffic to members only?
Also, it might be a good idea to amend the list's charter to include
an "if you use this list, it is under your own blah blah and viruses
get sent, blah blah". For future protection.
In other words:
"You're an adult. Try 1) thinking; and 2) simply becoming responsible
"Mad cow? You'd be mad too, if someone was trying to eat you."
Full-Disclosure - We believe in it.
RE: viruses being sent to this list Stuart Fox (DSL AK) (Mar 23)