|
|
BugTraq
RFC: virus handling Jan 28 2004 03:45PM Thomas Zehetbauer (thomasz hostmaster org) (13 replies) RFC: content-filter and AV notifications (Was: Re: RFC: virus handling) Jan 29 2004 12:00PM Andrey G. Sergeev (AKA Andris) (andris aernet ru) (1 replies) Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling) Feb 03 2004 04:07PM Peter J. Holzer (hjp wsr ac at) Re: RFC: virus handling Jan 28 2004 10:00PM John Fitzgibbon (fitz jfitz com) (1 replies) Re: RFC: virus handling Jan 28 2004 06:24PM Patrick Proniewski (patpro patpro net) (1 replies) Re: RFC: virus handling Feb 03 2004 08:55PM Matthew Dharm (mdharm one-eyed-alien net) (1 replies) Re: RFC: virus handling Jan 28 2004 06:07PM Jeremy Mates (jmates sial org) (1 replies) Hysterical first technical alert from US-CERT Feb 03 2004 12:11PM Larry Seltzer (larry larryseltzer com) (3 replies) Re: Hysterical first technical alert from US-CERT Feb 05 2004 12:18PM Andreas Marx (amarx gega-it de) Re: Hysterical first technical alert from US-CERT Feb 04 2004 02:31PM Valdis Kletnieks vt edu (2 replies) Re: Hysterical first technical alert from US-CERT Feb 05 2004 08:33AM Stephen Samuel (samuel bcgreen com) (1 replies) Re: Hysterical first technical alert from US-CERT Feb 06 2004 10:07PM Valdis Kletnieks vt edu (1 replies) Re: Hysterical first technical alert from US-CERT Feb 08 2004 01:01PM Shawn McMahon (smcmahon eiv com) RE: Hysterical first technical alert from US-CERT Feb 04 2004 02:41PM Larry Seltzer (larry larryseltzer com) (1 replies) Re: Hysterical first technical alert from US-CERT Feb 04 2004 12:27PM Philip Rowlands (phr doc ic ac uk) Re: RFC: virus handling Jan 28 2004 05:54PM 3APA3A (3APA3A SECURITY NNOV RU) (1 replies) getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 03 2004 09:11AM Gadi Evron (ge linuxbox org) (4 replies) Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 04 2004 08:04PM Georg Schwarz (geos epost de) Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 04 2004 06:27AM der Mouse (mouse Rodents Montreal QC CA) Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Feb 03 2004 11:07PM James A. Thornton (jamest u-238 infinite1der org) |
|
Privacy Statement |
> 1.2.1.) Standardization
> To allow filtering of these messages they should always carry the text
> 'possible virus found' in the subject optionally extended by the name of
> the virus or the test conducted (eg. heuristics).
Delivery Status Notification (RFC 1894) has many disadvantages but IMHO it
is still better than Yet Another Idiosyncratic Ad-hoc Format.
> 1.1.2.) Original Message
> The notification should never include the original message sent as
> otherwise it may send the worm/virus to a previously unaffected third
> party or re-infect a system that has already been cleaned.
Notifications, if they are sent at all, should always include at least the
headers of the original message.
(Anyway, people removing a piece of malware from their computer without
taking any steps to prevent future infections (at least reinfections by
the same kind of malware) *deserve* to be reinfected.)
> 3.2.) Disconnect
> Providers should grant their customers some grace period to clean their
> infection and should thereafter be disconnected entirely or filtered
> based on protocol (eg. outgoing SMTP) or content (eg. transparent
> smarthost with virus scanner) until they testify that they have cleaned
> their system.
Infected hosts should be blocked/disconnected immediately. A filter set up
several hours after the fact (I suppose any reasonable "grace period"
would have to be at least several hours long) is pointless because a
typical 21st century fast spreading worm has already had enough time to
attack everyone in its vicinity.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
[ reply ]