[unisog] Sobig.f with stripped attachments.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 28 19:03:06 GMT 2003


On Thu, 28 Aug 2003 18:04:51 BST, Julian Field <mailscanner at ecs.soton.ac.uk>  said:

> A *very* large number of people have their email protected by MailScanner 
> (it's used by a lot of very large academic sites, for starters) and you 
> really don't want to start blocking all their mail.

The fact that we're having this thread at all is proof that this "protection"
is somewhere less tha useful, and potentially harmful (for instance, we're
having this thread... ;)

Unless you employ a mechanism that can prove to the end user's satisfaction
that *their* MailScanner added the header (think "digital signature" here),
you're really not proving much of anything by adding it.  And even adding a
'X-yoursite-MailScanner' isn't any *real* help, because the next worm that
comes along will quite likely be able to find plenty of copies of the "real"
header with the value of 'yoursite'.....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20030828/aaa96811/attachment-0003.bin


More information about the unisog mailing list