Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: viruses being sent to this list
From: Maarten <fulldisc () ultratux org>
Date: Wed, 24 Mar 2004 20:35:04 +0100

On Wednesday 24 March 2004 13:34, Gadi Evron wrote:
As I got a response from the managers, I am happy. And I took it off-list.

I left this thread alone for a long time, partly since what I felt was already 
being said by others, and also partly because I consider myself new here so I 
mostly lurk 'n learn.    ...However, I now want to contribute a bit.

The samples below could have been detected by any AV using signatures
alone. Thus, without any heuristics, not risking false positives or
requiring more time spent on moderation.

Albeit a valid point, I still consider it irrelevant. It will _cost_ the 
listmaintainers/listowners, no matter how you turn it.  It may be time spent 
in setting up and configuring, it maybe be cost incurred in browsing through 
logs. It may be extra CPU load due to scanning, it may be dealing with 
malcontent listusers or faults that -inevitably- will occur.  God forbid, we 
may even one day get a witty worm variant that exploits a vulnerability in 
the virusscanner this list uses... at this point, nothing surprises me.

And for what? I can see NO valid reason whatsoever that anyone can demand that 
a list take care of what they deliver through it.  Here below are my reasons.

For starters, any filtering on the content can open you up for lawsuits. For 
that same reason even ISPs are (well, were...) reluctant to install any 
filtering (be it mail, or on IP level).  Once you do that, you prove that you 
have control over your content and the first RIAA or DMCA subpoena is in the 
mail already. Retaining any "common carrier" status is quite important.  
Especially for a list dealing with such [legally] delicate stuff as this one.

This reason above, I feel, should be enough to seal the case in and by itself.
However, I have another one: I think it is unreasonable to expect that anyone 
else than you yourself should be the gatekeeper of your own front door.
If you fear viruses, you run a mailscanner. Your security, your burden. Not 
ours. I run a full non-windows environment since 1997 and I think it is 
unreasonable that we all make an effort just because some people choose to 
use "a somewhat less secure" environment.  Yes, it IS your free choice.

To follow the analogy, it is not normal for one to ask the mailman to bring a 
ladder with him, just because you have your mailbox mounted at the second 
floor. If you fear that pranksters might fsck up your mailbox, get a better 
protected mailbox. But don't burden the mailman (or the sender) with your own 
issues.  If you dislike the ads that come a magazine you subscribed to, 
unsubscribe. It's that simple, really.

Three parties can influence what gets through to your mailbox. The government 
(by passing a law that forces everybody to abide by it), yourself (of course) 
and your ISP (it is the only party you pay; thus the only one that you have 
(or can claim) any leverage with. 

And third, this is not your average list or forum, it really isn't called 
full-disclosure for nothing. Stuff _will_ be delivered here that you surely 
do not want to run in an uncontrolled environment. We all know this.  Most of 
us walk on their toes here; if they didn't already read their mail in 
ascii-only mode -just because of the paranoia that often comes with this job- 
they may change their minds when they subscribe to FD.
You know the sign... "Ye who enter here... yada yada yada".  ;-)

Well... this subject has been beaten to death, and I even helped a bit.
I will now crawl back to the little internet-corner whence I came I guess :-)

Maarten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault