Antigen found =*.exe file

Aaron Blosser ablosser@virtuoso.com
Sun, 28 Oct 2001 19:58:29 -0800


Did that message look like spam?  I have no idea where the message came
from except that it looked like someone sent an email to someone on our
system that contained an EXE, and the failure message bounced back to
the list.

I assume that if someone were going to go to all the trouble of forging
some headers, they'd do something far more interesting than send out a
message indicating an EXE had been removed from an email.

I still say it's the list's job to block emails from unsubscribed
people, so if an automated bounce made it to the list, that's the list's
problem.  I'd be more than happy to block ANY email coming from whatever
list this is if you'd just give me the email address of that list (I
don't even know if I'm replying to a list or not).

> -----Original Message-----
> From: Karl Anderson [mailto:kra@monkey.org]
> Sent: Sunday, October 28, 2001 2:12 PM
> To: Aaron Blosser
> Cc: Karl Anderson; fork@xent.com; mark@is2inc.com
> Subject: Re: Antigen found =*.exe file
>
> "Aaron Blosser" <ablosser@virtuoso.com> writes:
>
> > I'd suggest that your list server should block emails that are machine
> > generated and/or don't come from members of the list, just like a real
> > list server would (I know ours does).  I'd also suggest that mail lists
> > are not the place to post binaries, much less posting cracks.
> >
> > Just my observation as the email administrator.
>
> Wow.  Swell suggestions, and I hope that the xent administrator gives
> them as much consideration as they deserve.
>
> You didn't deny being responsible for the message below - I'd suggest
> to you that email administrators who allow forged spam to come from
> their domain don't last long on the net - blacklists aren't good for
> business.
>
> > > -----Original Message-----
> > > From: Karl Anderson [mailto:kra@monkey.org]
> > > Sent: Saturday, October 27, 2001 11:32 PM
> > > To: fork@xent.com
> > > Cc: mark@is2inc.com; Virtuoso Administrator
> > > Subject: Re: Antigen found =*.exe file
> > >
> > > Antigen@xent.com writes:
> > >
> > > > Antigen for Exchange found MS DRM crack.zip->FreeMe.exe matching
> > > > =*.exe file filter.
> > > > The file is currently Removed.  The message, "RE: Microsoft DRM2
> > > > cracked, source code released", was
> > > > sent from Lucas Gonze  and was discovered in SMTP Messages\Inbound
> > > > located at Virtuoso/First Administrative Group/MAIL.
> > > >
> > > > In order to increase security and lessen the risk of viral outbreaks,
> > > > all files of the type =*.exe are being blocked in the email system.
> > >
> > > Great, a mail filter that spams the list, whatever will they think of
> > > next.  Mark, is this your ISP, or you?
> > >
> > > --
> > > Karl Anderson      kra@monkey.org      http://www.monkey.org/~kra/
> >
> >
> > http://xent.com/mailman/listinfo/fork
> >
>
> --
> Karl Anderson      kra@monkey.org      http://www.monkey.org/~kra/