Okay, my IT virus story. Working for a small bank in London. Helpdesk support staff member not that cluey but able to do his work.

I think it was Melissa (the "I love you" virus). First email sent to one of the sales people, smart person, realises the sender doesn't really love him so sends the mail to the helpdesk and then deletes it without preview or viewing the message. Our helpdesk person decides to investigate. How? He opens the email in Outlook. This starts the infection at work. 5 min later calls me: "Ummmm Alex, I think I have let a virus loose". Alex stops all Exchange servers in the company and then spends the rest of the day cleaning out mailboxes.

Alex

On Mon, Feb 02, 2004 at 04:03:45PM +1100, James Gray wrote:
>
>
> Mary Gardiner wrote:
> >I've set up amavis with clamav on my machine (Debian, MTA = Postfix) and
> >it certainly seems to be finding viruses.
> >
> >However, I'm wondering whether I keep the default setup, or tell
> >amavis not to warn the sender that they have a virus. Its config file
> >claims that it knows which viruses forge senders, but it looks like I
> >have to update this by hand (practically every new virus forges senders,
> >it seems).
> >
> >And of course, I don't want to contribute to the growing "you have a
> >virus!" warning message problem which is growing as fast as the viruses
> >themselves.
> >
> >What are people doing with their virus scanners? Not warning senders?
> >Warning only senders of non-forging viruses? How do you keep your
> >"forging" list up to date?
> >
> >-Mary
>
> Like most others we gave up sending out "virus infection notifications"
> about 2 years ago. It wastes bandwidth, time and resources; both human
> and machine. We use MailScanner (www.mailscanner.info) with Sendmail.
> The combination of regex matching at the SMTP session level and then
> scanning the messages that get through Sendmail is almost 100% effective
> :) Not one mydoom/novarg made it through and our mail server barely
> broke a sweat even at the height of the outbreak early last week.
>
> The only thing we notify senders about is attachments we don't allow for
> policy reasons. Stuff like mpegs/avi etc, and raw executables[1] are
> all blocked but the sender is told so.
>
> HTH
>
> --James
> [1] "raw executables" are what we use to refer to Windows executable
> files that aren't zipped or otherwise encapsulated to prevent
> "automatic" execution in Outlook (grr). However after this most recent
> outbreak of Mydoom/Novarg we're looking at blocking ALL executable
> stuff no matter how it's sent! After one of our 'super-users'[2]
> infected himself with Novarg in Japan...... You want to send a user an
> exe - use the corp. ftp server (which has private dirs etc). :-/ Still
> gotta get it past HR.
>
> [2] Once upon a time "Super-users" had $CLUE now they are lacking $CLUE
> and in desperate need of a dirty good LART'ing!! Guess who is no longer
> a super-user? He got infected from a mail attachment in his Yahoo
> webmail account. He'd shut down the real-time scanning on his p4
> 2.4GHz/512Mb machine coz he considered NAI VirusScan too much of a
> resource hog - idiot. We've now disabled the users from doing ANYTHING
> to their virus scanners except triggering a manual update and displaying
> "about" info. *sigh*
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
