Home page logo

nanog logo nanog mailing list archives

Re: Worm probes
From: "Bill Larson" <blarson () compu net>
Date: Tue, 18 Sep 2001 11:49:29 -0500

I protected against readme.exe specifically several weeks ago. I also
proactively filter all incoming emails for executable attachments.

[Begin sample]
Regarding your message to
x msgid=<x () x x net>

You are receiving this message due to the fact a possible email attack was
detected passing through our mail servers
from you. This was probally due to a file attachment. As many of these
attachements can run on their own we only allow harmless file types to be
sent. If you wish to send this file anyway please use a compression program.
If you have further questions please do not hesitate to give me a call at
the number below.

Bill Larson blarson () compu net
Network Administrator
[Phone numbers here]

REPORT: Trapped poisoned executable "readme.exe"
REPORT: Not a document, or already poisoned by filename. Not scanned for
STATUS: Message quarantined, not delivered to recipient.

Message sanitized on ns1.compu.net
See http://www.impsec.org/email-tools/procmail-security.html for details.
[End sample]

Hopefully the notification does some good.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]