[Esa-l] Question for ISPs...

Jeffrey S. Gavin jeff at ezclick.net
Fri Aug 17 07:41:01 PDT 2001


I own/operate a small ISP (~1500 accounts), and have considered using 
your tools.  Once I realized how the tool mangles attachments I backed 
off.  It would be nice to mangle attachments for selective customers, 
but not for all of them, and then not for all attachment types.

The funny thing about today's ISP customer is that they are just as 
likely to use the free hotmail/yahoo e-mail as they are to use the local 
ISP mail system.  20% of my customers do not even use their ISP e-mail 
account.  I had one customer call me and complained that he was getting 
e-mail from himself and was mad because it was maxing out his Yahoo mail 
box.  It turns out he had Outlook Express setup with his Yahoo address 
stored in his address book.  He infected himself with SirCam and sent it 
to himself (and probably infected himself again).

This means I could really use an outgoing filter to block things like 
SirCam, Hybris, and MTX which are the 3 major viruses that have just 
keep hanging around, even after they are blocked from the Incomming side 
of sendmail.

Another thing unique about ISP's is that we constantly sign-up people 
everyday as they move into town (this is a college town, lots of 
turnover), or as they switch from our compitition.  These computers have 
often been hooked up to the Internet, and could possibly be infected as 
they hook up for the first time with me.  It would be cool if your tool 
could interface with our radius/accounting server to determine the exact 
user that is trying to send a virus attachment.

Well, I didn't mean to go on so long.  I hope my input can help you.

Jeff Gavin
jeff at ezclick.net

John D. Hardin wrote:

> Would it be helpful for me to suggest configurations that allow you to
> define opt-out lists for things like document mangling and .EML
> (RFC-822 attachment) mangling?
> Or, alternatively, if somebody has already set up easy-to-manage
> opt-out processing like this, would you care to share it with the rest
> of us?
> Thanks.
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
>    1174 days until the Presidential Election
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l

More information about the esd-l mailing list