Posted to community@apache.org by Bertrand Delacretaz <bd...@codeconsult.ch> on 2003/06/02 13:21:48 UTC

FYI: spam/viruses originating from apache.org

FYI, I have received a spam/virus email apparently from someone 
@apache.org, and I also got a virus scanner response at my @apache.org 
address, indicating that some weird message has been sent with 
bdelacretaz@apache.org as the originator.

If anyone wants to investigate further I have stored the messages, but 
I don't think there's much that can be done about it.

--
   Bertrand Delacretaz (codeconsult.ch, jfor.org)
   XML, java, XSLT, Cocoon, FOP, mentoring/programming/teaching
   blogspace http://www.codeconsult.ch/bertrand


---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Re: FYI: spam/viruses originating from apache.org

Posted by James Duncan Davidson <du...@x180.net>.
On Wednesday, Jun 4, 2003, at 06:06 US/Pacific, Conor MacNeill wrote:

> I've found lack of a MessageId is a pretty good indication so far. I drop all
> such emails. I do miss out on a small amount of legitimate bulk email
> (NYTimes, JoelOnSoftware) but I'll handle that soon.

Not bad... I've never tried to write a procmail recipe that looked for 
the absence of a header before, but it sounds like an interesting tack 
to take.

James Duncan Davidson
Coder, Speaker, Author
http://x180.net/
[life live];




Re: FYI: spam/viruses originating from apache.org

Posted by Conor MacNeill <co...@cortexebusiness.com.au>.
On Wed, 4 Jun 2003 04:32 am, Brian Behlendorf wrote:
> Many of the messages do not have attachments, though, oddly enough, and
> those aren't caught.  I don't see a reliable pattern to match them on; I
> don't want to block all messages that say "Approved" for example.  :)


I've found lack of a MessageId is a pretty good indication so far. I drop all 
such emails. I do miss out on a small amount of legitimate bulk email 
(NYTimes, JoelOnSoftware) but I'll handle that soon. 

Just a thought.

Conor
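
Added example, not part of the original thread or any poster's code: a minimal Python triage function for the heuristic discussed above (drop mail that lacks a Message-ID, with an exception list for known bulk senders), plus the From block Roy offers for his UCI address. The allowlist domain, the sample messages, and the extra malformed-Message-ID check are assumptions that go slightly beyond what the posters describe.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder domain for a bulk sender known to omit Message-ID.
BULK_ALLOWLIST = {"newsletter.example"}
# From the thread: the owner says this address is never used to send mail.
NEVER_SENDS = {"fielding@ics.uci.edu"}
# Loose shape check for <local@domain>; not a full RFC 5322 msg-id parser.
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")


def classify(raw):
    """Return (action, reason) for one raw message (headers plus body)."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr in NEVER_SENDS:
        return "drop", "From address never sends mail"
    # Header lookup is case-insensitive, so "Message-Id" is found too.
    msgid = (msg.get("Message-ID") or "").strip()
    if not msgid:
        # From is forgeable, so this allowlist only limits false positives;
        # it is not evidence that the message is genuine.
        if addr.rpartition("@")[2] in BULK_ALLOWLIST:
            return "deliver", "no Message-ID, allowlisted bulk sender"
        return "drop", "missing Message-ID"
    if not MSGID_RE.match(msgid):
        return "quarantine", "malformed Message-ID"
    return "deliver", "ok"


# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "normal": "From: Alice <alice@example.org>\n"
              "Message-Id: <20030604.1@mail.example.org>\n\nhello\n",
    "worm": "From: bob@example.net\nSubject: Approved\n\nsee attachment\n",
    "bulk": "From: News <daily@newsletter.example>\nSubject: Today\n\n...\n",
    "forged": "From: fielding@ics.uci.edu\n"
              "Message-ID: <1@host.example>\n\nbody\n",
    "badid": "From: carol@example.org\nMessage-ID: not-an-id\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```
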




Re: FYI: spam/viruses originating from apache.org

Posted by "Roy T. Fielding" <fi...@apache.org>.
> You wouldn't believe how many are being caught on their way to apache.org
> addresses; my spamfilter also catches messages bearing this virus.
> Thousands per day.  Hundreds alone to people like myself, Roy, Ralf, and
> many jakarta mailing lists.
>
> Many of the messages do not have attachments, though, oddly enough, and
> those aren't caught.  I don't see a reliable pattern to match them on; I
> don't want to block all messages that say "Approved" for example.  :)

Yeah, I get hundreds a day and dozens more auto-responders responding
to worm mail sent out as "From: fielding@ics.uci.edu" just because
that address is in the RFCs I wrote.  A lot of the messages without
attachments are being forwarded by UCI after their virus checker
has stripped them.

BTW, feel free to block all e-mail with that address in From -- I never
use it to send mail.

....Roy




Re: FYI: spam/viruses originating from apache.org

Posted by Brian Behlendorf <br...@collab.net>.
On Mon, 2 Jun 2003, Bertrand Delacretaz wrote:
> FYI, I have received a spam/virus email apparently from someone
> @apache.org, and I also got a virus scanner response at my @apache.org
> address, indicating that some weird message has been sent with
> bdelacretaz@apache.org as the originator.
>
> If anyone wants to investigate further I have stored the messages, but
> I don't think there's much that can be done about it.

There's nothing - it's the same ol Sircam virus, using email addresses
found in web page caches, etc.

You wouldn't believe how many are being caught on their way to apache.org
addresses; my spamfilter also catches messages bearing this virus.
Thousands per day.  Hundreds alone to people like myself, Roy, Ralf, and
many jakarta mailing lists.

Many of the messages do not have attachments, though, oddly enough, and
those aren't caught.  I don't see a reliable pattern to match them on; I
don't want to block all messages that say "Approved" for example.  :)

	Brian




Re: FYI: spam/viruses originating from apache.org

Posted by Bertrand Delacretaz <bd...@codeconsult.ch>.
On Monday, 2 June 2003, at 17:54 Europe/Zurich, Sander Temme wrote:
> ...I got one of those bounces on another e-mail address. Aren't those
> manifestations of that worm variant that proliferates using the entries in
> the victim's address book as From: address?
>
> Such as:
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html

You're most probably right - sorry for the noise, I thought there might  
be some gigantic plot by the Forces Of Software Evil going on ;-)

-Bertrand



Re: FYI: spam/viruses originating from apache.org

Posted by Sander Temme <sa...@temme.net>.
on 6/2/03 4:56, Jeff Trawick at trawick@attglobal.net wrote:

> FWIW, I received a couple of could-not-deliver messages this a.m. for
> messages that supposedly came from my e-mail address but that I didn't
> send.  I wonder how many got through and how many complaints I can
> expect to receive.

I got one of those bounces on another e-mail address. Aren't those
manifestations of that worm variant that proliferates using the entries in
the victim's address book as From: address?

Such as:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html

(look about 2/3 down the page)

S.

-- 
sander@temme.net                          http://www.temme.net/sander/
   PGP Fingerprint: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




Re: FYI: spam/viruses originating from apache.org

Posted by Jeff Trawick <tr...@attglobal.net>.
Bertrand Delacretaz wrote:
> FYI, I have received a spam/virus email apparently from someone 
> @apache.org, and I also got a virus scanner response at my @apache.org 
> address, indicating that some weird message has been sent with 
> bdelacretaz@apache.org as the originator.

FWIW, I received a couple of could-not-deliver messages this a.m. for 
messages that supposedly came from my e-mail address but that I didn't 
send.  I wonder how many got through and how many complaints I can 
expect to receive.

