Re: Watch out! vsftpd anonymous access always enabled!

2003-09-23 Thread Johannes Resch

Dariush Pietrzak said:
 ssh for pretty much everything I can, and otherwise wget. I only
  Could all those security experts recommending using sftp/scp for data
 transfers please explain how did they come to conclusion that creating
 shell accounts is the best way of giving access to few files?

take a look at scponly or rssh. these tools restrict the usage of a
shell account, allowing only scp/sftp.

--
johannes resch


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Watch out! vsftpd anonymous access always enabled!

2003-09-23 Thread Dariush Pietrzak
 There's nothing wrong with offering data over ftp to the general public,
 especially when you can guarantee the contents in some way. There is
 something wrong when you need secure, private transfers. 
 And what is wrong with it when you need secure, private transfers?
 
 I wonder though, why no-one has mentioned ftp over TLS/SSL, which is a
 that's because it was oh so cool to use scp to transfer files, and now
that's the only way l33t does it.
scp is a hack, ftp/tls is an elegant solution, and who would want elegant
solutions when they can feel l33t.
 What is wrong with people, someone asks for a solution, and everybody jumps 
up to shout - Hey! I know what is scp!, Dude, I know rsync. I SOO envy
you, I never would've figured out how to use those highly sophisticated
tools...

 About FTP/TLS:

 http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-12.txt
describes a mechanism that can be used by FTP clients
and servers to implement security and authentication using the TLS
protocol defined by [RFC-2246] and the extensions to the FTP protocol
defined by [RFC-2228].

 http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
  contains a list of clients and servers that support the FTP TLS/SSL
  protocols, plus a lot of additional info.
 
 simple tools like lftp support those almost-decade-old specifications,
there's no need to create shell accounts on your system for every person
who wants to transfer files, specification is clean and simple.

 There ARE scenarios where scp/sftp would fit better - for example you want
authentication based on private/public key. Support for that is very stable 
with ssh, with ftp you would be pressed hard to find server that works like
that.

-- 
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9





bugs #212357 and #212358: could we have a 'deprecated' priority?

2003-09-23 Thread Henrique de Moraes Holschuh
I have opened #212357 and #212358 against vtun and CIPE due to the recent
article on their weaknesses as secure VPN tools, and the fact that nothing
in their descriptions tells the user about the problem.

It has been suggested that we could change the descriptions (so far so good)
and punt the packages to 'extra'.  

However, a lot of good stuff is in extra because other good stuff is in
optional.  What we really could use is a 'deprecated' section IMHO.

Thoughts on the issue?

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh





Re: bugs #212357 and #212358: could we have a 'deprecated' priority?

2003-09-23 Thread Peter Cordes
On Tue, Sep 23, 2003 at 11:21:14AM -0300, Henrique de Moraes Holschuh wrote:
> I have opened #212357 and #212358 against vtun and CIPE due to the recent
> article on their weaknesses as secure VPN tools, and the fact that nothing
> in their descriptions tells the user about the problem.
>
> It has been suggested that we could change the descriptions (so far so good)
> and punt the packages to 'extra'.
>
> However, a lot of good stuff is in extra because other good stuff is in
> optional.  What we really could use is a 'deprecated' section IMHO.
>
> Thoughts on the issue?

 I'd like to see a section for packages that aren't actually useful, and are
only good for testing/development.  e.g. there are some game packages in
Debian that don't seem to be able to do anything useful at all.  Maybe
that's a separate problem, and there shouldn't be binary packages of some of
those things in Debian at all.  If half (or less) finished software is going
to stay in Debian, maybe these known-broken crypto tools could be lumped in
with it?

 Maybe there should be a status field separate from the section thing to
indicate the quality of the package, like not-working, alpha, beta, or
stable.

 Err, I'm probably not the first person to have said the above, probably
just the first to clutter up deb-sec with it, so I suppose I should really
go search the deb-devel archives to see if anyone has any plans about this
kind of thing...

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces! -- Plautus, 200 BC





ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Bender, Jeff

Looking for the Debian Woody patch.  Anyone know if it is available or if
this version is exploitable?


-BEGIN PGP SIGNED MESSAGE-

Internet Security Systems Security Brief
September 23, 2003

ProFTPD ASCII File Remote Compromise Vulnerability

Synopsis:

ISS X-Force has discovered a flaw in the ProFTPD Unix FTP server. ProFTPD
is a highly configurable FTP (File Transfer Protocol) server for Unix
that allows for per-directory access restrictions, easy configuration of
virtual FTP servers, and support for multiple authentication mechanisms.
A flaw exists in the ProFTPD component that handles incoming ASCII file
transfers.

Impact:

An attacker capable of uploading files to the vulnerable system can
trigger a buffer overflow and execute arbitrary code to gain complete
control of the system. Attackers may use this vulnerability to destroy,
steal, or manipulate data on vulnerable FTP sites.

Affected Versions:

ProFTPD 1.2.7
ProFTPD 1.2.8
ProFTPD 1.2.8rc1
ProFTPD 1.2.8rc2
ProFTPD 1.2.9rc1
ProFTPD 1.2.9rc2

Note: Versions previous to version 1.2.7 may also be vulnerable.

For the complete ISS X-Force Security Advisory, please visit:
http://xforce.iss.net/xforce/alerts/id/154

__

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email [EMAIL PROTECTED] for
permission.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
[EMAIL PROTECTED] of Internet Security Systems, Inc.




Re: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Matt Zimmerman
On Tue, Sep 23, 2003 at 02:45:24PM -0500, Bender, Jeff wrote:

> Looking for the Debian Woody patch.  Anyone know if it is available or if
> this version is exploitable?

According to the maintainer, the version in woody is not affected by this
bug.

-- 
 - mdz





RE: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Jeff Bender
Thanks.  Do you happen to have a link where this might be posted?

 -Original Message-
 From: Matt Zimmerman [mailto:[EMAIL PROTECTED] On Behalf Of Matt Zimmerman
 Sent: Tuesday, September 23, 2003 3:26 PM
 To: '[EMAIL PROTECTED]'
 Subject: Re: ProFTPD ASCII File Remote Compromise Vulnerability
 
 On Tue, Sep 23, 2003 at 02:45:24PM -0500, Bender, Jeff wrote:
 
  Looking for the Debian Woody patch.  Anyone know if it is available or if
  this version is exploitable?
 
 According to the maintainer, the version in woody is not affected by this
 bug.
 
 --
  - mdz
 
 
 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact
 [EMAIL PROTECTED]




Re: ProFTPD ASCII File Remote Compromise Vulnerability

2003-09-23 Thread Marcin Owsiany
On Tue, Sep 23, 2003 at 04:13:02PM -0500, Jeff Bender wrote:
> Thanks.  Do you happen to have a link where this might be posted?

http://bugs.debian.org/212416

Marcin
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216





Re: MS BS

2003-09-23 Thread Joel HATSCH
> > My secalert account for these lists is being drenched with 40 to 70
> > of these fake Microsoft Update emails per day.
> > My filters on my client dump them to a Junk folder, but I would
> > prefer it if my Exim filter would do the job at the server level
> > instead. I am running Nigel Metheringham's system_filter.exim.
> >
> > The single part MIME filter doesn't seem to catch it though. What
> > are others on this list using or doing to blatantly block this
> > stuff? There is no valid .exe I could receive, ever.
>
> I (re)started reading via webmail for purging the mails on the
> popserver.
> There might be much more comfortable ways and much more efficient ways
> but I don't want to rebuild the whole mailing-system after the traffic
> has disappeared.

Hi,

same problem here. Solution has been discussed on debian-laptop :-) 2
days ago. Here's the solution given by Georg Sauthoff :
those Microsoft Outlook (Express)/Internet Explorer users who give a
sh** 
about security || privacy really sucks. Specially Microsoft extremely
sucks, 
because they make such worms etc. possible. So I updated my mailfilter 
config:
http://www.uni-bielefeld.de/~gsauthoff/mailfilterrc
(the regular expression catches nearly every 150 KB Message - but 
false-positives are always possible)

Mailfilter deletes the messages at the pop3 server without downloading.


I checked it out (apt-get install mailfilter) on my system and it works
great ! 170 emails removed today, 20Mb less to download !

So if you're fetching your emails from a POP account, that's the
solution. If you're using some other method for getting your emails, I
think that some identical rules should do the job in
fetchmail|exim|qmail|whatever

Joel





Proftpd

2003-09-23 Thread Arend van Waart
ISS announced a remote exploit in proftpd today.

http://xforce.iss.net/xforce/alerts/id/154

It mentions a 'maybe' on versions earlier than 1.2.7, woody is 1.2.4. Is 
this version affected by this bug, or not?

Greetings,

Arend van Waart





Re: MS BS + Sorting out the virii

2003-09-23 Thread Thomas Ritter
On Tuesday, 23 September 2003 23:48, Joel HATSCH wrote:
> > > of these fake Microsoft Update emails per day.
> > > The single part MIME filter doesn't seem to catch it though. What

Just a note: Open Antivirus programs like clamav are not perfect, because the 
open virus database [1] is still too small... but for _sorting_ mail, clamav 
(it's in sid) is really good. It gives you

X-Virus-Found: yes
X-Virus-Status:
 
 Virus Scan Status:
 
 /tmp/07ae019a324f44ed/textportionKGUGaX: OK
 /tmp/07ae019a324f44ed/textportionOE5x4J: OK
 /tmp/07ae019a324f44ed/textportion4onCon: Worm.Gibe.F FOUND
 /tmp/07ae019a324f44ed/UPGRADE.exegbm4Ix.exe: Worm.Gibe.F FOUND

in a mail with a virus if you use clamfilter [2], a single-file perl script, 
from procmail. Maybe clamfilter should be put into a package, it comes in 
handy.

And... a mail with a positive virus recognition can be deleted without having 
to fear it's a false positive, against which a mail found to be Spam by 
Spamassassin may be a real mail. Clamav is growing, but doesn't recognize 
enough virii to protect an M$-System, but hey, my Spam and Virii folder, 
which I checked every day because of some false positives I got just became 
one Spam folder with low traffic and one Virii folder where mails are being 
marked read automatically and deleted after two months (food for 
spamassassin). Just walking through some Spam mails per day for real mails is 
really much easier than clicking through all those Worm mails.

By the way, can anyone tell me why on a debian system the Spamassassin flag 
MICROSOFT_EXECUTABLE scores less than one point? A mail with a M$ EXE 
should really score 4.5 or so, because even if one of my friends sends me an 
EXE file on purpose, I would look for that in my Spam folder first ;)

[1] http://www.openantivirus.org/
[2] http://www.everysoft.com/clamfilter.html

-- 
Thomas Ritter

Those who would give up essential liberty, to purchase a little temporary 
safety, deserve neither liberty nor safety.  - Benjamin Franklin
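
The sorting described in the message above can be done mechanically from the two headers it quotes. The following Python is an added example, not part of the original post and not clamfilter's or procmail's own code; it assumes the X-Virus-Found / X-Virus-Status layout exactly as quoted, that those headers were inserted by your own delivery filter, and hypothetical folder names (Virii, Review, Inbox).

```python
import email
import re

# One report line: "<path>: OK" or "<path>: <signature> FOUND".
PART_RE = re.compile(r"^\s*(?P<path>\S+):\s+(?:OK|(?P<sig>\S.*?)\s+FOUND)\s*$")

# Constructed samples. The From/Subject lines and bodies are invented; the
# X-Virus-* header layout is the one quoted in the message above.
HEAD = "From: sender@example.invalid\nSubject: constructed sample\n"

INFECTED = (
    HEAD
    + "X-Virus-Found: yes\n"
    + "X-Virus-Status:\n"
    + " \n"
    + " Virus Scan Status:\n"
    + " \n"
    + " /tmp/07ae019a324f44ed/textportionKGUGaX: OK\n"
    + " /tmp/07ae019a324f44ed/textportionOE5x4J: OK\n"
    + " /tmp/07ae019a324f44ed/textportion4onCon: Worm.Gibe.F FOUND\n"
    + " /tmp/07ae019a324f44ed/UPGRADE.exegbm4Ix.exe: Worm.Gibe.F FOUND\n"
    + "\nbody text\n"
)
CLEAN = HEAD + "\nbody text\n"                        # no scanner headers
MISMATCH = HEAD + "X-Virus-Found: yes\n\nbody text\n"  # flag without a report


def scan_report(raw):
    """Return (flag, parts); parts is a list of (path, signature or None)."""
    msg = email.message_from_string(raw)
    flag = (msg.get("X-Virus-Found") or "").strip().lower()
    # The status header is folded over several lines, some of them holding
    # only whitespace; the parser keeps them all as part of one header value.
    status = msg.get("X-Virus-Status") or ""
    parts = []
    for line in status.splitlines():
        m = PART_RE.match(line)
        if m:  # skips the "Virus Scan Status:" title and the blank lines
            parts.append((m.group("path"), m.group("sig")))
    return flag, parts


def route(raw):
    """Pick a folder (hypothetical names) and list the signatures found."""
    flag, parts = scan_report(raw)
    hits = sorted({sig for _, sig in parts if sig})
    if flag == "yes" and hits:
        return "Virii", hits    # positive detection: safe to auto-expire
    if flag == "yes" or hits:
        return "Review", hits   # flag and report disagree: a human looks
    # No detection only means no signature matched; it is not a clean bill.
    return "Inbox", hits


if __name__ == "__main__":
    for name, raw in (("infected", INFECTED), ("clean", CLEAN),
                      ("mismatch", MISMATCH)):
        print(name, route(raw))
```
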




