[Clamav-users] Sober.H

[Philipp Grosswiler]

Since 2-3 days our mail server is getting hit by several rassistic e-mails,
all written in German. First, I thought it is a spam case, but after reading
some of those offending e-mails, I understood that they were coming from the
Sober author (he left some personal comments at the end).

But because there were no attachments or any other harmful methods included
(unless you find rassistic content harmful), I didn't react and decided to
stay calm.

Now I read a news article on heise.de, that F-Secure calls those e-mails
under the name of Sober.H. I would like that ClamAV could also add those
signatures to the database, as there seem to be a lot of victims out there
being infected by Sober.G, which can reload all kind of executable to do
with the victim whatever he wants... Now it looks like the Sober author is
kind of rassist and I do not tolerate that.

Link to the article (written in German):
http://www.heise.de/security/news/meldung/48195

What can I do to help you stop this kind of e-mails? Or is your policy to
not do anything against this, since it's not really harmful (means no direct
virus or worm)?

Keep up your great work, I really love ClamAV :) ...

Regards,
Phil.


smime.p7s
Description: S/MIME cryptographic signature

Re: [Clamav-users] Sober.H

[Kevin Spicer]

On Sat, 2004-06-12 at 22:12, Philipp Grosswiler wrote:
 Now I read a news article on heise.de, that F-Secure calls those e-mails
 under the name of Sober.H. I would like that ClamAV could also add those
 signatures to the database, as there seem to be a lot of victims out there
 being infected by Sober.G, which can reload all kind of executable to do
 with the victim whatever he wants... Now it looks like the Sober author is
 kind of rassist and I do not tolerate that.
 

According to the google translation of the page it looks like the
signature actually detects the new varient of Sober which sends the
emails, rather than the emails themselves.

 What can I do to help you stop this kind of e-mails? Or is your policy to
 not do anything against this, since it's not really harmful (means no direct
 virus or worm)?

Lots of viruses are now used for bulk emailing of spam by compromised
machines, this only appears different because of the nature of the
content (theres plenty of other objectionable content in spam) and the
fact its in German.  In any event the filtering of objectionable and
unsolicited content is a job for your anti-spam solution of choice.




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 
business.




---
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users