Re: [Full-Disclosure] meay-meay! (virus sent via full-discosure list)

[KUIJPERS Jimmy]

How many times has this been discussed on the list?  Such alteration of messages send is in itself a form of moderation. even if you don't remove the virus itself. Something the list charter clearly states it will not do. Besides, why would the FD owners want to spend money (cpu power required for additional proccesing) on anti-virus while anti-virus is the clients responsibility. Especially on a security mailing list as this.

If you want to treat virusses difrently by adding a flag then you could have your own virusscanner do it. (and then you have to pay for the additional proccesing ;-) )
 

My 2ct
 
 

Bill Royds wrote:

 This virus sent to the list shows the problem of complete lack of
moderation. What would be best is a filter that does a virus scan and WARNS
about possible virus, but does not block anything. You would still be
responsible for personal digital hygiene, but would have a flag to filter
on.

Here are the headers of this message with McAfee message and a whois on the
originating MTA IP.

Return-Path: <[EMAIL PROTECTED]>
Received: from netsys.com (NETSYS.COM [199.201.233.10])
        by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
        for <[EMAIL PROTECTED]>; Wed, 24 Mar 2004 17:17:19 -0500
(EST)
Received: from NETSYS.COM (localhost [127.0.0.1])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
i2OM4lJ28528;
        Wed, 24 Mar 2004 17:04:47 -0500 (EST)
Received: from kermit ([62.38.237.28])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
        for <[EMAIL PROTECTED]>; Wed, 24 Mar 2004 16:27:34
-0500 (EST)
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sbeuunoxpacatulivtum"
Subject: [Full-Disclosure] meay-meay!
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:[EMAIL PROTECTED]>
List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
        <mailto:[EMAIL PROTECTED]>
List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
Date: Wed, 24 Mar 2004 23:27:25 +0200

******************   McAfee VirusScan ************************
******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
*********************************************************************

McAfee VirusScan has detected a potential threat in this e-mail
sent by [EMAIL PROTECTED]
The following actions were attempted on each suspicious part.
We strongly recommend that you report this virus-related activity
to [EMAIL PROTECTED]

 The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
Virus(es).
This attachment has been cleaned.

===================whois for sending MUA ==========

03/25/04 08:29:36 whois [EMAIL PROTECTED]

whois -h whois.ripe.net 62.38.237.28 ...
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      62.38.0.0 - 62.38.255.255
netname:      GR-HOL-20010530
descr:        Hellas On Line S.A.
descr:        PROVIDER
country:      GR
admin-c:      HA194-RIPE
tech-c:       CO95-RIPE
status:       ALLOCATED PA
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    AS3329-MNT
changed:      [EMAIL PROTECTED] 20010530
changed:      [EMAIL PROTECTED] 20031210 # gr.hol.aval via
https://lirportal.ripe.net
source:       RIPE

route:        62.38.0.0/16
descr:        HOL
origin:       AS3329
mnt-lower:    AS3329-MNT
mnt-routes:   AS3329-MNT
mnt-by:       AS3329-MNT
changed:      [EMAIL PROTECTED] 20010530
source:       RIPE

role:         HOL Administration
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       [EMAIL PROTECTED]
trouble:      Questions....... mail to: [EMAIL PROTECTED]
trouble:      Spam Reports.... mail to: [EMAIL PROTECTED]
trouble:      Abuse Reports... mail to: [EMAIL PROTECTED]
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
tech-c:       CO95-RIPE
nic-hdl:      HA194-RIPE
mnt-by:       AS3329-MNT
changed:      [EMAIL PROTECTED] 19970821
changed:      [EMAIL PROTECTED] 19970826
changed:      [EMAIL PROTECTED] 19981217
changed:      [EMAIL PROTECTED] 20000110
changed:      [EMAIL PROTECTED] 20010314
changed:      [EMAIL PROTECTED] 20020121
changed:      [EMAIL PROTECTED] 20030624
source:       RIPE

role:         HOL Network Operations Center
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       [EMAIL PROTECTED]
trouble:      Questions....... mail to: [EMAIL PROTECTED]
trouble:      Spam Reports.... mail to: [EMAIL PROTECTED]
trouble:      Abuse Reports... mail to: [EMAIL PROTECTED]
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
nic-hdl:      CO95-RIPE
mnt-by:       AS3329-MNT
changed:      [EMAIL PROTECTED] 19970821
changed:      [EMAIL PROTECTED] 19981217
changed:      [EMAIL PROTECTED] 20000110
changed:      [EMAIL PROTECTED] 20010314
changed:      [EMAIL PROTECTED] 20010320
changed:      [EMAIL PROTECTED] 20010607
changed:      [EMAIL PROTECTED] 20020121
changed:      [EMAIL PROTECTED] 20030909
source:       RIPE

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: March 24, 2004 4:27 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] meay-meay!

 The access is open !!!

password  for  archive: 01825

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

smime.p7s
Description: S/MIME Cryptographic Signature