Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: viruses being sent to this list
From: John Sage <jsage () finchhaven com>
Date: Wed, 24 Mar 2004 06:42:35 -0800

   the thread that refused to die...
   ...now with extra! extra! life.

On Wed, Mar 24, 2004 at 02:34:33PM +0200, Gadi Evron wrote:
From: Gadi Evron <ge () egotistical reprehensible net>
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
To: Full-Disclosure <full-disclosure () lists netsys com>
CC: John Cartwright <johnc () grok org uk>
Subject: Re: [Full-disclosure] viruses being sent to this list
Date: Wed, 24 Mar 2004 14:34:33 +0200

Hash: SHA1

As I got a response from the managers, I am happy. And I took it

They asked for us to send any responses to them directly rather than
on-list, and I did. However, this has now become a different thread,
so I will try and contribute.

The samples below could have been detected by any AV using
signatures alone. Thus, without any heuristics, not risking false
positives or requiring more time spent on moderation.

I don't use any AV software. Don't need it.

And I appreciate getting virii from this list (No! seriously!) and
several other lists I participate in because it gives me the
opportunity to examine and collect examples of what's out there.

If anything, it should help out on moderating all the viruses that get
sent from off-list addresses, by saving time, and with no risk of new
stuff not getting to the list due to a false positive.

How would you filter against off-list addresses that are obviously
spoofed?  Limit the list's traffic to members only?

Also, it might be a good idea to amend the list's charter to include
an "if you use this list, it is under your own blah blah and viruses
get sent, blah blah". For future protection.

In other words:

"You're an adult. Try 1) thinking; and 2) simply becoming responsible
for yourself."

- John
"Mad cow? You'd be mad too, if someone was trying to eat you."

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]