ALL originate from 203.197.156.198 (FOURTEEN copies onlist as I write
this). Those attachments will have failed to be identified as viruses
because they aren't viruses - they're stubs indicating that the A/V system
at rwth-aachen.de (the list host) successfully scrubbed the
messages. Unfortunately, it appears to decide it should forward the
messages on to the list instead of bouncing them to the listadmin web
interface.
However, at least for list messages, these messages can be scuttled easily
enough:
# File scrubbed-virus stubs that arrive via the procmail list in their own mailbox
:0:
* ^X-BeenThere: procmail@lists\.RWTH-Aachen\.DE
* ^Received:[ ]*from localhost
* B ?? ^Client: MailMonitor for SMTP
* B ?? ^Virus identity found:
procmail_virus_spooge.mbx
The second condition is consistent with all of the messages in this case,
but for a more generic filter, it should be removed.
Since I received a number of successfully quarantined copies directly from
the same IP source, chances are good the participants on this list will be,
or have already received multiple copies at their own hosts as well. I've
gone so far as to add the source IP to a viral blacklist on my own net.
Quite obviously, some current or past subscriber to the procmail list is a
total fsck.
The more I think about it, the more a globally accessible INFECTIOUS HOST
DNSBL makes sense. The problem is the overhead of administering it, and
getting hosts to subscribe to its use: the more hosts that subscribe, the
easier it'd be to put a clamp down on the spread of email viruses (and
certainly dramatically reduce the network bandwidth consumed by them).
Note that the list config could be switched to PLAIN TEXT ONLY, though
before doing so, I'd need to pass it by the admin at rwth-aachen.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
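
The recipe's conditions restated in Python and run over constructed messages, as an added example that is not part of the original post. It shows what removing the second condition changes and that a reply quoting a stub is not caught, because the body patterns are anchored to the start of a line. The helper names, relay hostnames and message contents are made up for illustration.

```python
import re

# Python forms of the recipe's conditions. procmail matches case-insensitively
# and lets ^ anchor at the start of any header or body line.
FLAGS = re.I | re.M
BEEN_THERE = re.compile(r"^X-BeenThere: procmail@lists\.RWTH-Aachen\.DE", FLAGS)
FROM_LOCALHOST = re.compile(r"^Received:[ \t]*from localhost", FLAGS)
BODY_MARKERS = [
    re.compile(r"^Client: MailMonitor for SMTP", FLAGS),
    re.compile(r"^Virus identity found:", FLAGS),
]

def is_scrubbed_stub(raw, generic=False):
    """True if the raw message would be filed by the recipe.
    generic=True drops the 'Received: from localhost' condition."""
    head, _, body = raw.partition("\n\n")
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continued header lines
    if not BEEN_THERE.search(head):
        return False
    if not generic and not FROM_LOCALHOST.search(head):
        return False
    return all(p.search(body) for p in BODY_MARKERS)

def make(received, been_there, body):
    # Build a constructed sample message; all values are made up.
    head = [f"Received: from {received} by mx.example.org"]
    if been_there:
        head.append("X-BeenThere: procmail@lists.RWTH-Aachen.DE")
    head.append("Subject: constructed sample")
    return "\n".join(head) + "\n\n" + body

STUB_BODY = "Client: MailMonitor for SMTP\nVirus identity found: SAMPLE\n"
QUOTED = "".join("> " + l + "\n" for l in STUB_BODY.splitlines())

SAMPLES = {
    "list stub": make("localhost", True, STUB_BODY),
    "stub via other relay": make("relay.example.net", True, STUB_BODY),
    "reply quoting a stub": make("localhost", True, "See below.\n" + QUOTED),
    "direct copy, not via list": make("localhost", False, STUB_BODY),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:28} specific={is_scrubbed_stub(raw)} "
              f"generic={is_scrubbed_stub(raw, generic=True)}")
```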