12000 copies of the Sobig virus has been intercepted and discarded on our gateway just so far today. Since we do not bounce or contribute to the traffic, the server has not even burped.
====================================== Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 ====================================== If you are not satisfied with my service, my job isn't done! ----- Original Message ----- From: "Michael Dinowitz" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Wednesday, August 20, 2003 12:51 PM Subject: Re: Clean off | I've got a small write-up on the front of FA that may be of interest to you. How | bad is it? The lists are being hammered and even though I have code that blocks | any viruses from hitting it, we're getting between 5 and 10 posts every minute | or two. My black hole account has gotten a few thousand posts already and while | my personal account isn't being to heavily hit, the donations account (from the | sites) is being pounded (but not to the point of the bh address). | I'm adding special code to my anti-spam package that will automatically delete | the virus from anyone using my package. It's actually rather easy to detect from | the header alone. I've found a few set patterns that can be used in all cases to | remove it. Have I mentioned that I love my mail system and anti-spam package | yet. :) | | | > Thankfully between gov't email and speakeasy's amazing services I am | > relatively untouched by the madness around me. | > | > How bad is it for other people? I am writing a special topic paper on soBig | > and the blaster variants, and tying it into change/patch management | > practices. I would really love to hear back from anyone that's been hit, | > about how they have dealt with it. Also those that weren't affected, what | > practices and policies do you have in place to help you mitigate some of the | > threat? | > | > Thanks, | > | > Timothy Heald | > Information Systems Specialist | > Overseas Security Advisory Council | > U.S. Department of State | > 571.345.2235 | > | > | > -----Original Message----- | > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | > Sent: Wednesday, August 20, 2003 12:26 PM | > To: CF-Community | > Subject: Clean off | > | > | > I'm assuming everyone is covered by spam at the moment can can't post. If | > so, | > how about using CF to do your cleanup for you. Use CFPOP to get all the | > headers | > from your mail box (or maybe the first 20-50 at a time) and then run this | > against the returned query: | > SELECT Subject | > FROM Spam | > WHERE (DomainChecked = 0) AND (Subject LIKE '%Thank you%' OR | > Subject LIKE '%Approved%' OR | > Subject LIKE '%Details%' OR | > Subject LIKE '%Wicked screensaver%' OR | > Subject LIKE '%movie%' OR | > Subject LIKE '%your application%' OR | > Subject LIKE '%attachment%' OR | > Subject LIKE '%failure%' OR | > Subject LIKE '%failed%' OR | > Subject LIKE '%returned%' OR | > Subject LIKE '%virus%') | > ORDER BY Subject | > Anything that comes back can be routed to the screen so you can view the | > subject | > and other info. If its spam, just tell CFPOP to delete it. Saves on the | > downloading and can even be automated more. | > If you have access to your mail server, I've got an additional script | > suggestion | > that'll do the job automatically by detecting any mail files with viruses in | > them. Just needs CF, CFDIRECTORY, a CFX and a CFIF. | > | > Michael Dinowitz | > Finding technical solutions to the problems you didn't know you had yet | > | > | > | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:5 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
