I think that your original email was a bit harsh. This is a public list that any one can choose to join and lurk on. Just because they joined, dont make them a seasoned professional. But, I do agree that this list shouldnt allow attachments. Its convenient to see v-cards, but I dont think its neccessary. Certainly any need to send someone an attachment doesnt need to go to the entire list. And if it does, its likely that it should be hosted on an ftp somewhere. -----Original Message----- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: 2/13/01 8:30 AM Subject: RE: Que? I was not complaining about the e-mail informing us that is was a 'nasty little script'. I was highlighting the point that a mailing list whose focus is IT Security was used to prolifferate malware. Let me see if I have you straight here. OK its nice to see the A.V. and content analysis tools you have spent much resource on working as intended (Cheers for the the sample guys). But you can't seriously be telling me that the fact that this script was (Apparently/allegedly) sent to every e-mail address in Mr Rollie's Address Book, and that it was forwarded on to all of us is a usefull service? As one security professional to another. Even if it had no effect on any recipient. What would your response be when one of your company's customers calls up to complain about being sent a virus via e-mail from one of your users. Let me see if I can guess.... To give you some comfort ( as you are obviosuly concerned for my well being ) Of course I don't trust attachments. I do examine suspicious attachments with something a little more sophisticated than Notepad (or is that vi). My appologies to all on the list. My mail was supposed to address what I considered to be a serious issue. My intention was not to flame the guys who run this list or to start a flame war on the list. However, I fear that may be the result. Liam. > ---------- > From: Bill Royds > Sent: 13 February 2001 13:00 > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: > > Actually that message was very useful to me. It gave me early warning > about the virus by showing that it leaked through our email anti-virus > and the code gave me some strings to scan for on our IDS. > As a security professional, I never execute anything I get in email, > but I do examine it with text only tools to look for problems. Don't > you > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, February 13, 2001 06:03 > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: > Importance: High > > > I have to say that it is a pretty sad state of affairs when a mailing > list that is dedicated to IT security issues falls foul of this type > of > problem. > > Is there any need to allow attachments on this forum? > > I assume that there is some form of content analysis performed on the > traffic through this list.....? > > I would assume that most people on this list have some form of content > analyser implemented on their mail gateway. I would further assume > that > if you were not covered when the first VBS was distributed then you > were > pretty soon afterwards ( weren't you? ). This is the responsible thing > to do. I am sure that the guys who run this list would think so too. > > I know that this list is run (pretty smoothly) as a free service to us > and the relevant T&Cs are in place, but people have been put on RBL > for > less. Is there a cheep and simple method you guys could implement by > which attachments could be prohibited on this list? > > Cheers,Liam. > > > > > > > > > > > ---------- > > From: Matt Rogghe > > Sent: 12 February 2001 20:55 > > To: 'Gary Rollie'; [EMAIL PROTECTED] > > > > That last post to here was a nasty little replicator script. Looks > > like > > it's just hitting the global address list so far on the exchange > > server. > > - > > [To unsubscribe, send mail to [EMAIL PROTECTED] with > > "unsubscribe firewalls" in the body of the message.] > > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
