Klez virus bypasses attachment rejection script?
Hi everyone, I have set up the no attachments portion of the anti junk/html/attachment script available in the FAQ. It worked perfectly in our test list.... I then repeated exactly the same setup in our three largest lists which are suffering really badly with the level of infection with the Klez virus hoping that blocking the attachments would stop messages getting through. What I dont understand is how today a load of infected messages have got posted with their attachments in those three lists. Has anyone else seen this happen while using the script? Has anyone any bright ideas on how on earth we can protect our lists from this virus? for us its destroying many years of hard work. regards David
On Tue, May 28, 2002 at 12:58:38PM +0200, David Kelly wrote:
Has anyone any bright ideas on how on earth we can protect our lists from this virus? for us its destroying many years of hard work.
Klez "attachments" don't follow the MIME standard. If you use a mail reader which complies with the standard, the "attachment" won't be decoded. Attachment filters assume that they will be dealing with Internet mail messages, not non-compliant data which happen to take advantage of bugs in a particular mail client. That's almost certainly the problem here. Roger
On 5/28/2002 at 12:58 PM David Kelly wrote:
Has anyone any bright ideas on how on earth we can protect our lists from this virus? for us its destroying many years of hard work. =-=-=-=-=-=-=-=
Hi David, I feel your pain, brother. A problem like this can quickly destroy your credibility and your list. Right after starting the one list that I run, a problem such as yours cropped up. I set the maximum message size to 80k and the virus propagation instantly ceased. I've seen infected attachments in the 90k range, so don't go larger. You could go smaller if you like; I can't because there are legitimate reasons to post attachments to my list. Lotsa luck. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Skinner La Habra, California mailto:rskinner@rustyiron.com http://www.rustyiron.com
David Kelly asked, | Has anyone any bright ideas on how on earth we can protect our lists from | this virus? Short answer: moderate them. If the traffic on your lists or the urgency of the posts makes may make it impractical to moderate everything, so here's a perhaps slightly more practical answer: combine my advice with Rob Skinner's and divert posts for moderation if they are in excess of a certain size.
participants (4)
-
David Kelly -
David W. Tamkin -
Rob Skinner -
Roger Burton West