Re: [sniffer] New virus...

[Joe Wolf / Internet Specialists, LLC]

If you are running your mail server only for yourself feel free to ban 
.exe's and .zip's.  If you are providing mail services to others I STRONGLY 
suggest you consult an attorney that specializes in Internet related 
matters.  There have been a couple of recent cases where ISP's have been 
held responsible for non-delivery of messages.


I asked two for an opinion on the matter and was told that we should not 
block or hold any messages unless we believe them to be a specific threat to 
our systems.  After the smoke cleared we came to the conclusion that it's OK 
to block known viruses and threats, but they had to be "known".  We no 
longer hold or delete any known SPAM.  We let the users or domain admins 
determine via rules what they want to block.


I also checked with our errors and omissions insurance provider and was told 
that we would not be covered for non-delivery issues if it was a "deliberate 
act" on our part to block them.


This has become a hot issue that few want to discuss.  It's nearly 
impossible to find an attorney well versed in the field.  As more become 
aware of the issue I suspect it will become a popular point to litigate (has 
your ISP caused you damage by failing to deliver important information?, 
etc.).


The bottom line is that if you block items like all .exe's or all .zip's you 
are taking the responsibility for non-delivery.  In the two cases I found 
one had a disclaimer, and the other a written TOS.  It didn't help either in 
court.


Just be very careful.

-Joe
- Original Message - 
From: "John T (Lists)" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, October 06, 2005 2:01 AM
Subject: RE: [sniffer] New virus...


No need to block zips, with Declude just add "BANZIPEXTS ON" to your
virus.cfg file since the payload is an exe within the zip and since we are
all already banning executable files, correct?

John T
eServices For You


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

On

Behalf Of Pete McNeil
Sent: Wednesday, October 05, 2005 8:41 PM
To: sniffer@sortmonster.com
Subject: [sniffer] New virus...
Importance: High

Hello sniffer,

  Hello folks... watch out for a new virus email with an attachment
  named "pword _ change . zip" - extra spaces added to skip filters
  ;-)

  We're adding some SNF rules to catch it. No word about it on virus
  lists or scanner services yet (that I can see).

  You may want to temporarily block .zip files - or at least this
  particular zip file until the new rules can be pushed out and the
  virus scanners catch up.

Thanks,
_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)


This E-Mail came from the Message Sniffer mailing list. For information

and

(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html



This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html



This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html

Re: [sniffer] Sniffer Resources

[Joe Wolf / Internet Specialists, LLC]

How does AVAFTERJM help?  Unless you had JunkMail delete the message it 
would seem that it has to be scanned for viruses either way.


I don't know which uses more processor time... Virus or SPAM scanning.  If 
you use a bunch of tests it probably takes more horsepower to scan for SPAM 
than viruses.  If that's the case then it would see like you would want to 
virus scan FIRST.  Any message deleted by the virus scanner don't need to be 
scanned for SPAM.


Maybe I'm way off base?  I'm sure not an expert on this!

-Joe
- Original Message - 
From: "Richard Farris" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, September 08, 2005 11:48 AM
Subject: Re: [sniffer] Sniffer Resources


It was suggested that I put AVAFTERJM in my Declude configuration and that 
has made a huge difference...I have my old server back...I hope this does 
not cause other problems..we will continue to monitor this..


Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"

- Original Message - 
From: "Richard Farris" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, September 06, 2005 10:07 AM
Subject: [sniffer] Sniffer Resources


When I turn off sniffer my server acts normally on rescources..but when I 
turn it on it goes to 100% and stays there most of the time...I have 
tried updating the sniffer and rebooting the server but does not 
help...it has been doing this for about a month...has anyone else seen 
this..if not what can I do to resolve it..right now I have sniffer turned 
off so I can just send mail thru the server..


Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"

- Original Message - 
From: "Pete McNeil" <[EMAIL PROTECTED]>

To: "Andy Schmidt" 
Sent: Monday, September 05, 2005 9:43 AM
Subject: Re: [sniffer] Integration with today's new ORF version:



On Monday, September 5, 2005, 9:26:38 AM, Andy wrote:

AS> http://www.vamsoft.com/orf/agentdefs.asp
AS>
AS> It says to contact  vendor. Here I am .

Yes indeed.

How may I help you?

_M



This E-Mail came from the Message Sniffer mailing list. For information 
and (un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html






This E-Mail came from the Message Sniffer mailing list. For information 
and (un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html






This E-Mail came from the Message Sniffer mailing list. For information 
and (un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html





This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html