[Esd-l] Badtrans as nauseam (Was: badtrans ad infinitum)

[Chris Payne]

It is times like these that I check my email on my OS/2 Warp4
or my Linux workstations and not on a Windoze PC.

John, thank you again for providing the tool which has prevented
more than 1,000 infections since its installation on my mail
server.

- Chris



On Wed, 28 Nov 2001 12:04:04 -0700, Brett Glass wrote:

>At 07:49 AM 11/28/2001, John D. Hardin wrote:
>  
>>My quarantine overfloweth.
>>
>>Does anybody know BillG's email address so we can all do something
>>useful with these damned things?
>
>It's billg at microsoft.com. 
>
>And the problem will get worse. Sircam was prevalent enough, and it 
>did not infect unless the recipient launched an attachment. Badtrans
>doesn't require that, and is also an autoresponder. It therefore is 
>likely to be the most widespread worm yet. Thank <insert name of
>deity of your choice> that it doesn't have a destructive payload
>(like Magistr) and does not obscure the address of the infected
>party (like Hybris). I'm concerned that later mutations WILL do
>these things, which is why I want multiple filters and recipes
>in place. (Still need to learn how to do a recipe that compares
>the envelope "From" address and the From: header.)
>
>--Brett Glass
>_______________________________________________
>Esd-l mailing list
>Esd-l at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esd-l
>


- - 

Chris Payne 
Network Administrator
Physical Resources Dept, 
University of Guelph
(519)824-4120  x2882
cpayne at pr.uoguelph.ca