> >http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
That's one nasty payload.

"The worm arrives as an email attachment. The subject, body, and From: address of the email may vary."

"The worm can vary the message it sends, as well as the filename that it attaches itself as. The worm uses an incorrect MIME Header exploit,"

While Postfix header and MIME checking will stop the vast majority of this crap, this type of monster is exactly why you need a true SMTP virus scanner in your mail path.

Example admin notice from our Kaspersky scanner that sits between our MXs and our mailbox server:

=================================================
This is a mail anti-virus program at host Virus-Gate.MEIway.com

The mail system received a message from [EMAIL PROTECTED] destined to [EMAIL PROTECTED] that contains either infected or suspicious file(s) and it has not reached the above destination(s). Original message given below.

Antivirus message(s):
infected: I-Worm.Swen
========================================================

In reference to my msgs in the Imail forum about blocking all mail from subscriber networks, you know that subscriber networks will very probably be (no AV scanner, no firewall, etc.) the largest single source of spreading Swen infections.

When somebody says "we can't block subscriber networks because we must provide services to our users", I wonder who TF they think I'm trying to protect with my recommendation of subscriber mail blocking?

May they be inundated with Swen (you know I don't really mean that), lose 100's of machines, and spend 1000's of $$$$ and hours re-deploying the PCs, and then we will re-visit the discussion about blocking mail from "subscriber" networks.

I'm obviously of the position that, FOR OUR OWN PROTECTION and to have a chance (of unknown probability of success) of saving Internet email from destruction, we must INSIST on absolutely impeccable SMTP/DNS credentials from every single mailer pretending to deliver mail to our MXs.

Len
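
One way an MX could apply the two checks argued for above, shown as an added example that is not part of the original post or of any product named in it. It assumes "impeccable SMTP/DNS credentials" means forward-confirmed reverse DNS plus a resolvable, fully qualified HELO name, and that subscriber networks are recognised by their PTR naming; the function name, the regex and all addresses and hostnames are constructed for illustration, and DNS answers are passed in as a dict so it runs offline.

```python
import ipaddress
import re

# Heuristic for subscriber-pool PTR names (constructed; real lists are site-specific):
# an access-type label, or the client's IP octets embedded in the hostname.
GENERIC_PTR = re.compile(
    r"(^|[.-])(dsl|adsl|cable|dial(up)?|dhcp|dyn(amic)?|pool|ppp|client)([.-]|\d)"
    r"|(\d{1,3}[.-]){3}\d{1,3}",
    re.IGNORECASE,
)

def check_client(ip, helo, ptr_names, forward):
    """Return (accept, reason) for a connecting SMTP client.

    ptr_names: PTR answers for `ip`; forward: hostname -> list of A records.
    Both stand in for live DNS lookups (assumption of this example).
    """
    addr = ipaddress.ip_address(ip)
    if not ptr_names:
        return False, "no PTR record for client address"
    # Forward-confirmed reverse DNS: a PTR name must resolve back to the client.
    confirmed = [
        n for n in ptr_names
        if addr in {ipaddress.ip_address(a)
                    for a in forward.get(n.lower().rstrip("."), [])}
    ]
    if not confirmed:
        return False, "PTR name does not resolve back to client address"
    if all(GENERIC_PTR.search(n) for n in confirmed):
        return False, "PTR name looks like a subscriber address pool"
    helo_name = helo.lower().rstrip(".")
    if helo_name.startswith("[") or "." not in helo_name:
        return False, "HELO is not a fully qualified hostname"
    if not forward.get(helo_name):
        return False, "HELO name does not resolve"
    return True, "ok"

# Constructed DNS data using documentation address ranges and example domains.
FORWARD = {
    "mail.example.org": ["192.0.2.25"],
    "203-0-113-45.dsl.example.net": ["203.0.113.45"],
    "mx.example.com": ["198.51.100.99"],
}
SAMPLES = [
    ("192.0.2.25", "mail.example.org", ["mail.example.org"]),
    ("203.0.113.45", "localhost", ["203-0-113-45.dsl.example.net"]),
    ("198.51.100.7", "mail.example.org", []),
    ("198.51.100.8", "mx.example.com", ["mx.example.com"]),
]

if __name__ == "__main__":
    for ip, helo, ptrs in SAMPLES:
        print(ip, helo, check_client(ip, helo, ptrs, FORWARD))
```

A client that fails here is refused before DATA, so the attachment never reaches the virus scanner; the scanner still covers infected mail relayed through hosts that pass.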
