SWEN virus.

  #1 (permalink)  
Old 11-10-2003
Mark Taylor
 
Posts: n/a
Default Re: SWEN virus.

"Shashank Khanvilkar" <shashank@mia.ece.uic.edu> wrote in
news:boon2m$7oo$1@newsx.cc.uic.edu:

> Hi,
>
> I am receiving these annoying mails containing swen virus. My PC is
> not infected with it, and I don't even know where it is coming from..
> I could setup filters but i was more concerned about the BW that it
> eats up, when i download my mails from the server on a dial-up
> connection.
>
> Is there any way in which i can configure my SMTP server to stop
> receiving mails that contain this virus.
> How do i attack this problem.??
>
>
>


Use a mail client that only downloads the headers, then allows you to
delete the mail from the server without downloading the body and
attachments, if any.

I doubt you will be able to stop the mail from being sent to your email
server but you can stop it from being sent from your server to you.

And like the other response said, get your mail provider to use a virus
filter acceptable to you.


Reply With Quote
  #2 (permalink)  
Old 11-10-2003
Shashank Khanvilkar
 
Posts: n/a
Default SWEN virus.

Hi,

I am receiving these annoying mails containing swen virus. My PC is not
infected with it, and I don't even know where it is coming from.. I could
setup filters but i was more concerned about the BW that it eats up, when i
download my mails from the server on a dial-up connection.

Is there any way in which i can configure my SMTP server to stop receiving
mails that contain this virus.
How do i attack this problem.??



--
Regards
Shashank
http://mia.ece.uic.edu/~papers


Reply With Quote
  #3 (permalink)  
Old 11-10-2003
No 33 Secretary
 
Posts: n/a
Default Re: SWEN virus.

"Shashank Khanvilkar" <shashank@mia.ece.uic.edu> wrote in
news:boon2m$7oo$1@newsx.cc.uic.edu:

> Hi,
>
> I am receiving these annoying mails containing swen virus. My PC is
> not infected with it, and I don't even know where it is coming from..
> I could setup filters but i was more concerned about the BW that it
> eats up, when i download my mails from the server on a dial-up
> connection.
>
> Is there any way in which i can configure my SMTP server to stop
> receiving mails that contain this virus.
> How do i attack this problem.??
>

Do you have administrative access to the server? If not, contact your ISP,
and give them hell for not using anti-virus software on their server. (And
if they decide to install such, threaten them with cattle prods if they
configure it to send a notice to _anyone_ about detecting a virus. Sending
a notice to the "sender" is a form of abuse, because the only sender they
can identify at that point is forged.)

If you do, install anti-virus software.

--
Terry Austin
taustin@hyperbooks.com
www.hyperbooks.com
Roleplaying Stuff
Reply With Quote
  #4 (permalink)  
Old 11-10-2003
Shashank Khanvilkar
 
Posts: n/a
Default Re: SWEN virus.

> >
> Do you have administrative access to the server? If not, contact your ISP,


I have administrative access to one of my servers... but the other is
controlled by someone else.. and unfortunately i am receiving such mails on
both mail accounts.

> and give them hell for not using anti-virus software on their server. (And
> if they decide to install such, threaten them with cattle prods if they
> configure it to send a notice to _anyone_ about detecting a virus. Sending
> a notice to the "sender" is a form of abuse, because the only sender they
> can identify at that point is forged.)
>
> If you do, install anti-virus software.


I already have SpamAssassin, which is not doing a very good job..
But that is not of concern, as i may have misconfigured it.

My real concern is how can one remedy this problem at the root.. Even if i
install anti-virus software, my server is still receiving those bloody
emails, wasting a lot of BW. Isn't there any current mechanism built into
SMTP, which will automatically stop relaying messages from the culprit,
right at the first hop, and if not what can be done about it.

All Comments appreciated.




Reply With Quote
  #5 (permalink)  
Old 11-10-2003
Peter Köhlmann
 
Posts: n/a
Default Re: SWEN virus.

Shashank Khanvilkar wrote:

>> >

>> Do you have administrative access to the server? If not, contact your
>> ISP,

>
> I have administrative access to one of my servers... but the other is
> controlled by someone else.. and unfortunately i am receiving such mails
> on both mail accounts.
>
>> and give them hell for not using anti-virus software on their server.
>> (And if they decide to install such, threaten them with cattle prods if
>> they configure it to send a notice to _anyone_ about detecting a virus.
>> Sending a notice to the "sender" is a form of abuse, because the only
>> sender they can identify at that point is forged.)
>>
>> If you do, install anti-virus software.

>
> I already have SpamAssassin, which is not doing a very good job..
> But that is not of concern, as i may have misconfigured it.
>


Probably

> My real concern is how can one remedy this problem at the root.. Even if i
> install anti-virus software, my server is still receiving those bloody
> emails, wasting a lot of BW. Isn't there any current mechanism built into
> SMTP, which will automatically stop relaying messages from the culprit,
> right at the first hop,


Nope. Not possible with current SMTP

> and if not what can be done about it.
>
> All Comments appreciated.


Well, the easiest remedy would be to permanently ban all MS software from
internet access.
--
Microsoft's Guide To System Design:
Let it get in YOUR way. The problem for your problem.

Reply With Quote
  #6 (permalink)  
Old 11-10-2003
No 33 Secretary
 
Posts: n/a
Default Re: SWEN virus.

"Shashank Khanvilkar" <shashank@mia.ece.uic.edu> wrote in
news:boophr$7rn$1@newsx.cc.uic.edu:

>> >

>> Do you have administrative access to the server? If not, contact your
>> ISP,

>
> I have administrative access to one of my servers... but the other is
> controlled by someone else.. and unfortunately i am receiving such
> mails on both mail accounts.
>
>> and give them hell for not using anti-virus software on their server.
>> (And if they decide to install such, threaten them with cattle prods
>> if they configure it to send a notice to _anyone_ about detecting a
>> virus. Sending a notice to the "sender" is a form of abuse, because
>> the only sender they can identify at that point is forged.)
>>
>> If you do, install anti-virus software.

>
> I already have SpamAssassin, which is not doing a very good job..
> But that is not of concern, as i may have misconfigured it.
>
> My real concern is how can one remedy this problem at the root.. Even
> if i install anti-virus software, my server is still receiving those
> bloody emails, wasting a lot of BW. Isn't there any current mechanism
> built into SMTP, which will automatically stop relaying messages from
> the culprit, right at the first hop, and if not what can be done about
> it.


You can only control what is under your control. The way that SMTP works,
there is no way to receive enough of the message to identify it as a virus
without receiving the entire message. A mail server with properly
configured AV software will then delete it silently. That is,
unfortunately, the best you can really hope for, unless you can find a
broken mail server. And, unfortunately, the vast majority of Swen viruses
are sent through the sender's ISP's mail server, rather than direct, so you
can't afford to just block the sender (which would prevent _any_ connection
at all, if done properly), or you'll be blocking a lot of legitimate email
from large ISPs.
>
> All Comments appreciated.
>

The best I've managed is to delete them silently as soon as they are
received. It seems that all Windows executables start with
TVqQAAMAAAAEAAAA//, so if you're willing to simply refuse all executables (and
you should, since legitimate email with executable attachments can be re-
sent zipped), you can just kill on that string.

--
Terry Austin
taustin@hyperbooks.com
www.hyperbooks.com
Roleplaying Stuff
Reply With Quote
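
Added example, not part of the original posts: the string quoted in the post above is the base64 text of a common DOS/PE header ("MZ" plus typical field values), so a filter can decode each attachment and test its first bytes instead of matching the literal string. This goes one step beyond the post; the sample messages, addresses, file names and the second header are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = "TVqQAAMAAAAEAAAA//"  # string quoted in the post above
# Constructed 16-byte headers: the first encodes to MARKER, the second is a
# valid "MZ" start with different field values, so its base64 text differs.
COMMON_HDR = bytes.fromhex("4d5a90000300000004000000ffff0000")
OTHER_HDR = bytes.fromhex("4d5a50000200000004000f00ffff0000")

def marker_bytes():
    """Raw bytes behind the marker's first 16 characters (whole base64 groups)."""
    return base64.b64decode(MARKER[:16])

def executable_parts(raw_message):
    """Names of MIME parts whose decoded content starts with the 'MZ' magic."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def build_sample(exe_header):
    """Constructed message: text body, one binary and one text attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "rcpt@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(exe_header + bytes(64), maintype="application",
                     subtype="octet-stream", filename="update.exe")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for hdr in (COMMON_HDR, OTHER_HDR):
        raw = build_sample(hdr)
        # literal-string match vs. decoded magic-number check
        print(MARKER in raw.decode("ascii"), executable_parts(raw))
```

The literal string matches only the first sample, while the decoded check flags the attachment in both and ignores the text file.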
  #7 (permalink)  
Old 11-10-2003
Ken Bessler
 
Posts: n/a
Default Re: SWEN virus.


"Shashank Khanvilkar" <shashank@mia.ece.uic.edu> wrote in message
news:boophr$7rn$1@newsx.cc.uic.edu...
> > >


> My real concern is how can one remedy this problem at the root.. Even if i
> install anti-virus software, my server is still receiving those bloody
> emails, wasting a lot of BW. Isn't there any current mechanism built into
> SMTP, which will automatically stop relaying messages from the culprit,
> right at the first hop, and if not what can be done about it.
>
> All Comments appreciated.
>


STOP posting with a valid email address!!!! Munge your address
(like mine) and they will stop, eventually.

I was getting 40-50 of these emails when I munged my email
3 weeks ago, now I'm getting 8-9 per week and that rate is
dropping fast.

You see, Swen infected computers look in the newsserver for
posts with a valid email address, those that it finds get pounded.

Munge your email, then, as the posts you made with a valid email
expire, your swen emails will naturally drop off.....

Ken


Reply With Quote
  #8 (permalink)  
Old 11-10-2003
Jean-David Beyer
 
Posts: n/a
Default Re: SWEN virus.

Ken Bessler wrote:
> "Shashank Khanvilkar" <shashank@mia.ece.uic.edu> wrote in message
> news:boophr$7rn$1@newsx.cc.uic.edu...
>
>
>> My real concern is how can one remedy this problem at the root..
>> Even if i install anti-virus software, my server is still receiving
>> those bloody emails, wasting a lot of BW. Isn't there any current
>> mechanism built into SMTP, which will automatically stop relaying
>> messages from the culprit, right at the first hop, and if not what
>> can be done about it.
>>
>> All Comments appreciated.
>>

>
>
> STOP posting with a valid email address!!!! Munge your address (like
> mine) and they will stop, eventually.
>
> I was getting 40-50 of these emails when I munged my email 3 weeks
> ago, now I'm getting 8-9 per week and that rate is dropping fast.
>
> You see, Swen infected computers look in the newsserver for posts
> with a valid email address, those that it finds get pounded.
>
> Munge your email, then, as the posts you made with a valid email
> expire, your swen emails will naturally drop off.....
>

That is not the whole story. It is pretty clear that spammers harvest
other victims' e-mail boxes and send stuff to everyone in them. So
unless you have no one in the world with you in their address books, or
at least no Microsoft users, you are doomed.

And even were you so lucky, I observe from the Cc: headers that some of
these bastards have 1,000,000 monkeys on the payroll typing out all
possible e-mail addresses on every e-mail server they can find. And it
is not too hard to find out the mail servers by rummaging around in the DNS.


--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 3:50pm up 16 days, 14:26, 3 users, load average: 2.22, 2.16, 2.16

Reply With Quote
  #9 (permalink)  
Old 11-10-2003
Naota
 
Posts: n/a
Default Re: SWEN virus.

On Mon, 10 Nov 2003 12:52:40 -0600, Shashank Khanvilkar wrote:

I use mailfilter. My .mailfilterrc is at dotfiles.com. I never receive
SWEN. You may want to edit it.
--
naSota@tPampabay.rAr.cMom - > (remove capital letters: SPAM)


Reply With Quote
  #10 (permalink)  
Old 11-10-2003
John Bates
 
Posts: n/a
Default Re: SWEN virus.


"Shashank Khanvilkar" <shashank@mia.ece.uic.edu> wrote in message news:boon2m$7oo$1@newsx.cc.uic.edu...
> Hi,
>
> I am receiving these annoying mails containing swen virus. My PC is not
> infected with it, and I don't even know where it is coming from.. I could
> setup filters but i was more concerned about the BW that it eats up, when i
> download my mails from the server on a dial-up connection.
>
> Is there any way in which i can configure my SMTP server to stop receiving
> mails that contain this virus.
> How do i attack this problem.??
> --
> Regards
> Shashank
> http://mia.ece.uic.edu/~papers


*** I was getting about a hundred a day until I limited the size to 20k, above
this - delete from server. Most of all the MS ones were 150k and I think they
still are. Though I still get 50 - 100 normal spam cr*p
John.




Reply With Quote
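
Added example, not from any poster: the header-only download suggested in the first reply and the 20k size cut-off above can be combined on the client with the POP3 LIST and TOP commands, so large messages are inspected without fetching the whole body. The 200-line peek depth, the `triage` and `run` helpers, and the choice to delete only messages whose attachment starts like an executable are assumptions of this example.

```python
import poplib

SIZE_LIMIT = 20 * 1024  # the 20k cut-off mentioned in the post above
# Base64 text of any data beginning with the bytes "MZ" starts with one of
# these; the string quoted earlier in the thread (TVqQAAMA...) is one case.
MZ_PREFIXES = (b"TVo", b"TVp", b"TVq", b"TVr")

def over_limit(list_lines, limit=SIZE_LIMIT):
    """Parse POP3 LIST lines (b'<msg> <octets>') into numbers above limit."""
    picked = []
    for line in list_lines:
        num, octets = line.split()[:2]
        if int(octets) > limit:
            picked.append(int(num))
    return picked

def starts_executable(top_lines):
    """True if a MIME part body (first line after a blank line) is base64 'MZ'."""
    prev_blank = False
    for line in top_lines:
        if prev_blank and line.startswith(MZ_PREFIXES):
            return True
        prev_blank = line.strip() == b""
    return False

def triage(conn, limit=SIZE_LIMIT, peek=200, delete=False):
    """conn: a logged-in poplib.POP3 object. Returns {msg_number: verdict}."""
    _, listing, _ = conn.list()
    verdicts = {}
    for num in over_limit(listing, limit):
        # TOP returns the headers plus the first `peek` body lines only
        _, lines, _ = conn.top(num, peek)
        if starts_executable(lines):
            verdicts[num] = "executable"
            if delete:
                conn.dele(num)  # removed from the server at QUIT
        else:
            verdicts[num] = "oversized"  # left for the user to decide
    return verdicts

def run(host, user, password):
    """Hypothetical wrapper: host and credentials are placeholders."""
    conn = poplib.POP3_SSL(host)
    conn.user(user)
    conn.pass_(password)
    try:
        return triage(conn)  # report only; pass delete=True to remove
    finally:
        conn.quit()
```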