sendmail.net: Update: Blocking “Killer Resume”

“Jose Nazario has updated the .cf/.mc patch on his mirror site
to include “Killer Resume” and was kind enough to share the fix
with us. The patch, designed to block the ILOVEYOU worm and related
worm/virus medleys, works on sendmail 8.9.x and above using the
subject line checking options available. Koos van den Hout did the
original based on last year’s Melissa patch, with additions by
Nazario and further tweaks by Keith Petersen at army.mil (who also
modified the error code to be a 552, as per RFC 821).”

“It’s worth noting that in the long run, header checks are
an inadequate solution to this problem for a couple of
First, they can cause email about the virus to bounce
(as people on the Bugtraq list quickly realized at the time of the
ILOVEYOU worm). Second, there’s no reason to think this sort of
thing won’t continue, which means that the list of offending
subject lines will eventually reach absurd proportions. While these
things obviously have to be blocked, it should ideally be done
based on the message body content containing the dangerous VBS –
which is, of course, the job of virus scanners.”

“Other problems exist at the user level that are beyond the
reach of server-side patches and scanners, though they may
ultimately succumb to education. (Still using Outlook? Thanks for
sharing. ;)”

