sendmail.net: Update: Blocking "Killer Resume"
May 31, 2000, 13:19
"Jose Nazario has updated the .cf/.mc patch on his mirror site to include "Killer Resume" and was kind enough to share the fix with us. The patch, designed to block the ILOVEYOU worm and related worm/virus medleys, works on sendmail 8.9.x and above using the subject line checking options available. Koos van den Hout did the original based on last year's Melissa patch, with additions by Nazario and further tweaks by Keith Petersen at army.mil (who also modified the error code to be a 552, as per RFC 821)."
"It's worth noting that in the long run, header checks are an inadequate solution to this problem for a couple of reasons. First, they can cause email about the virus to bounce (as people on the Bugtraq list quickly realized at the time of the ILOVEYOU worm). Second, there's no reason to think this sort of thing won't continue, which means that the list of offending subject lines will eventually reach absurd proportions. While these things obviously have to be blocked, it should ideally be done based on the message body content containing the dangerous VBS - which is, of course, the job of virus scanners."
"Other problems exist at the user level that are beyond the reach of server-side patches and scanners, though they may ultimately succumb to education. (Still using Outlook? Thanks for sharing. ;)"
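The two limitations of subject-line checks described in the excerpt above can be seen by running a header check and a content check over the same mail. This is an added example, not code from sendmail.net or from the patch itself: the blocklist strings, addresses, file names and the extension-based content check (a stand-in for a real virus scanner) are all constructed assumptions.

```python
from email.message import EmailMessage

# Constructed blocklist; the patch's actual subject patterns are not reproduced here.
BLOCKED_SUBJECTS = ("ILOVEYOU", "Killer Resume")
# Assumption: a script attachment is recognised by extension only.
SCRIPT_EXTENSIONS = (".vbs", ".vbe")


def subject_check(msg):
    """Header check: reject when the Subject contains a listed string."""
    subject = (msg["Subject"] or "").lower()
    return any(s.lower() in subject for s in BLOCKED_SUBJECTS)


def content_check(msg):
    """Content check: reject when any MIME part is a script attachment."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(SCRIPT_EXTENSIONS):
            return True
    return False


def make_message(subject, body, attachment=None):
    """Build a constructed test message, optionally with one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


HARMLESS = b"' placeholder bytes, not script code\n"
SAMPLES = {  # constructed sample mail
    "worm copy": make_message("ILOVEYOU", "see attachment", ("note.txt.vbs", HARMLESS)),
    "list discussion": make_message("Re: ILOVEYOU worm and the sendmail header patch",
                                    "Has anyone tested the ruleset on 8.9.x?"),
    "new subject line": make_message("Quarterly figures", "see attachment",
                                     ("figures.xls.vbs", HARMLESS)),
}


def evaluate():
    """Return {label: (rejected_by_subject, rejected_by_content)}."""
    return {k: (subject_check(m), content_check(m)) for k, m in SAMPLES.items()}
```

The mailing-list discussion is rejected by the subject check although it carries no attachment, and the message with an unlisted subject passes it; the content check gets both right.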