[sustran] Re: Virus on sustran-discuss
Alan Patrick Howes
APHOWES at dm.gov.ae
Sat Jan 11 16:05:09 JST 2003
Thanks Paul - if I recollect correctly the copy of Kisan's message I
received at home DID have a malicious attachment - I will check when I get
home today, but I fear I may have deleted it anyway - and I have just
installed some new AntiVirus software which would probably have zapped it
anyway.
Does the majordomo software strip off attachments anyway? If not, can it be
made to do so?
Of course, I am assuming the message I got, apparently from "Kisan Mehta
[je at swisscontact.ph]", did actually come via sustran-discuss - though
looking at the message headers on the copy at work I think it did.
Cheers, Alan.
--
Alan P Howes, Special Transport Advisor,
Dubai Municipality Public Transport Department
aphowes at dm.gov.ae
http://vgn.dm.gov.ae/DMEGOV/dm-mp-transportation
Tel: +971 4 286 1616 ext 214
Mobile: +971 50 5989661
> -----Original Message-----
> From: Paul Barter [mailto:geobpa at nus.edu.sg]
> Sent: Sat, 11 January, 2003 09:52
> To: sustran-discuss at jca.ax.apc.org
> Subject: [sustran] Re: Virus on sustran-discuss
>
>
> Dear sustran-discussers
>
> Regarding Alan's message in response to yesterday's suspicious message
> from "Kisan Mehta [je at swisscontact.ph]"...
>
> Correct me if I am wrong but as far as I can tell no
> malicious code came
> through to sustran-discuss... At least not to me. And my university
> filters usually alert me when they intercept such attachments. I agree
> with Alan that it certainly does look like other messages in
> recent days
> which have had malicious attachments. Perhaps there are safeguards
> somewhere in the system which hosts sustran-discuss, and perhaps they
> worked in this case?
>
> The detailed headers of the message suggest it came from Kisan rather
> than Swiss Contact, despite the email address it 'apparently'
> came from.
> Therefore yesterday I immediately took the precaution of suspending
> Kisan temporarily from the list and have also now alerted him to the
> potential problem.
>
> I will try to investigate the anti-virus status of JCA networks which
> hosts sustran-discuss but I suspect that with the simple majordomo
> software the safeguards are probably not very sophisticated. I do know
> that the simple filter I have set up that stops large messages does
> often catch malicious attachments and benign ones alike.
>
> Nevertheless, as a general rule please do not send attachments through
> sustran-discuss and also do not open attachments from sustran-discuss,
> since no legitimate attachments should be appearing here. In general,
> ALWAYS be very cautious about clicking on attachments.
>
> All the best
>
> Paul
>
>
> Dr Paul Barter
> Fellow in the Department of Geography and the Public Policy Programme
> National University of Singapore
> 1 Arts Link, Singapore 117570
> Tel: +65-6874 3860; Fax: +65-6777 3091
> E-mail: geobpa at nus.edu.sg
>
> -----Original Message-----
> From: owner-sustran-discuss at jca.ax.apc.org
> [mailto:owner-sustran-discuss at jca.ax.apc.org] On Behalf Of
> Alan Patrick
> Howes
> Sent: Saturday, 11 January 2003 11:48 AM
> To: 'sustran-discuss at jca.ax.apc.org'
> Subject: [sustran] Virus on sustran-discuss
>
>
> I'm not sure what the following means - but when I got a message with
> the same headers on my home machine it seemed to have a
> malicious attachment. My server at work would stop such attachments.
>
> Surely the sustran-discuss server should filter out such stuff?
>
>
> --
> Alan P Howes, Special Transport Advisor,
> Dubai Municipality Public Transport Department
> aphowes at dm.gov.ae
> http://vgn.dm.gov.ae/DMEGOV/dm-mp-transportation
> Tel: +971 4 286 1616 ext 214
> Mobile: +971 50 5989661
>
> -----Original Message-----
> From: Kisan Mehta [mailto:je at swisscontact.ph]
> Sent: Thu, 09 January, 2003 04:00
> To: undisclosed-recipients
> Subject: [sustran] Re: Reply on account for IIS-Security
>
>
> Restricted area response team (RART)
>
>
>
> Attachment you sent to Kisan Mehta is intended to overwrite start
> address at 0000:HH4F
> To prevent from the further buffer overflow attacks apply the
> MSO-patch
>
>
>
More information about the Sustran-discuss
mailing list