[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]

Brian Morris brian at netspeed.com.au
Mon Jan 19 23:19:34 GMT 2004 

----- Original Message ----- 
From: "Nemo -earth native-" <nemo at nut.house.cx>
To: <linux at samba.org>
Sent: Monday, January 19, 2004 7:57 PM
Subject: Re: [clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]
> > > Of late my ISP installed spam blocking software which they didn't tell
me
> > > abut. Unfortunately it keeps on killing samba-technical which is
slightly
> > > annoying.
>
> My ISP (erm, that would be me, Goldweb) uses the .exe blocking globally
> against all our customers. It checks against messages both incoming and
> outgoing. (there are actually well over a dozen filetypes it blocks on).
>
> I've had one or two complaints and a few inquiries. We've also had quite
> a few gratefull customers who have been saved from the same virus' that
> have infected all of their friends. We've been doing this for years, and
> the net consensus is very easily positive.

I agree with Nemo, we (NetSpeed) also remove executable attachments from
incoming (and outgoing) messages - we could have simply renamed them (ie put
an underscore in place of the '.' before the exe / pif / scr extention) but
we chose to delete them to save the customer some bandwidth and our helpdesk
staff some headaches.  The text goes through but the virus does not.

We can also exclude individual email addresses from these checks and allow
everything through for those few people (and law enforcement agencies) out
there who are 'savvy' enough to actually want to send an executable
attachment or who have a philosophical aversion to anybody 'tampering' with
there emails.

It took a long time to come up with a solution that will save the masses,
not break the law and still accommodate the needs of the few.  Our lawers
had a field day with their advice too.  It seems that the ACA prohibits you
from 'interfering with the passage of data passing through your network
without the authorisation of the recipient of that data'.  Try applying that
rule to spam filtering / virus scanning / proxy servers / KaZar etc etc...
then at the same time - apply the anti-porn legislation while fighting tough
guy emails from Paramount pictures because one of your customers has Star
Trek TNG on his KaZar server and at the same time try telling APRA to GGF
when they threaten to sue the ISP because one of their customers 'free
personal web space' has links (only links) to someone elses MP3's.

</rant>

Regards,

Brian Morris
NetSpeed

More information about the linux mailing list