From owner-freebsd-hackers  Fri May  5  2:26:19 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from gallions-reach.inpharmatica.co.uk (gallions-reach.inpharmatica.co.uk [193.115.214.5])
	by hub.freebsd.org (Postfix) with ESMTP id 0E3A137B66F
	for <hackers@FreeBSD.ORG>; Fri,  5 May 2000 02:26:13 -0700 (PDT)
	(envelope-from m.seaman@inpharmatica.co.uk)
Received: from mailhost.inpharmatica.co.uk (euston.inpharmatica.co.uk [193.115.214.6])
	by gallions-reach.inpharmatica.co.uk (8.9.3/8.9.3) with ESMTP id KAA26800;
	Fri, 5 May 2000 10:25:47 +0100 (BST)
	(envelope-from m.seaman@inpharmatica.co.uk)
Received: from paddington.inpharmatica.co.uk (IDENT:root@paddington.inpharmatica.co.uk [192.168.122.1])
	by mailhost.inpharmatica.co.uk (8.9.3/8.9.3) with ESMTP id KAA51322;
	Fri, 5 May 2000 10:25:47 +0100 (BST)
	(envelope-from m.seaman@inpharmatica.co.uk)
Received: from inpharmatica.co.uk (IDENT:matthew@localhost [127.0.0.1])
	by paddington.inpharmatica.co.uk (8.9.3/8.9.3) with ESMTP id KAA00949;
	Fri, 5 May 2000 10:25:46 +0100
Message-ID: <3912939A.9EEC1879@inpharmatica.co.uk>
Date: Fri, 05 May 2000 09:25:46 +0000
From: Matthew Seaman <m.seaman@inpharmatica.co.uk>
X-Mailer: Mozilla 4.61 [en] (X11; I; Linux 2.2.4 i586)
X-Accept-Language: en-GB, en
MIME-Version: 1.0
To: Taavi Talvik <taavi@uninet.ee>
Cc: Jeremiah Gowdy <jgowdy@home.com>,
	Matthew Dillon <dillon@apollo.backplane.com>,
	Lloyd Rennie <lloyd@vbc.net>, hackers@FreeBSD.ORG
Subject: Re: ILOVEYOU
References: <Pine.BSF.3.95.1000504205419.26609A-100000@ns.uninet.ee>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Taavi Talvik wrote:
> 
> On Thu, 4 May 2000, Jeremiah Gowdy wrote:
> 
> > > Yes, it was real virus and quite nasty one. Which remainds us,
> > > that quite soon we cannot live without freebsd naitive virus
> > > scanning engine. Such things don't spread so easily, when ISPs
> > > are able to scan e-mail and other content they serve.
> 
> > lol.  The only way you could really have a virus in freebsd is if it was
> > launched or infected as root.  Otherwise the virus would be VERY limited.
> > If you are talking about scanning incoming email for viruses/scripts that
> > were destined for Windows computers, ok, I'd say that's not a bad idea.
> 
> Yes, I was talking about virus scanning on behalf of Windows users.
> Anyway, most files, emails, web pages are served or pass through
> unix (and quite often *BSD) systems. There seems to be program
> called AMAVIS (http://satan.oih.rwth-aachen.de/AMaViS/amavis.html), which
> can do some scanning. It probably needs some investigation and
> freebsd porting.

BTDT.  Grab procmail out of ports, and wander along to
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html for some
pre-canned recipies that will block e-mails with this infection.

Worked perfectly here.

	Matthew

-- 
           Certe, Toto, sentio nos in Kansate non iam adesse.

   Dr. Matthew Seaman, Inpharmatica Ltd, 60 Charlotte St, London, W1P 2AX
            Tel: +44 171 631 4644 x229  Fax: +44 171 631 4844


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message