[vox-tech] cron - not at a different time

Ken Bloom vox-tech@lists.lugod.org
Wed, 3 Mar 2004 10:52:19 -0800 

On 2004.03.03 10:13, Peter Jay Salzman wrote:
> On Wed 03 Mar 04, 10:07 AM, Ken Bloom <kabloom@ucdavis.edu> said:
> >
> > >ps- is there a new virus?  all of a sudden, starting from last night
> > >i've gotten a huge ton of emails that say things like:
> > >
> > >   Arggghh, I hate plaintext!
> > >
> > >   Here is your excel file.
> > >
> > >   I don't bite, weah!
> > >
> > >   Your file is attached.
> > >
> > >i normally don't see viruses because i filter based on executable
> > >strings in every win32 executable.  but these viruses seem to be
> > >carrying .zip and .pif payloads which are getting past my filter.
> > >
> > >also, i just got a bounced email, with MY email address on it.  it
> said:
> > >
> > >   I know about you!
> > >
> > >and it was addressed to qmail@hollings.senate.gov, a US senator's
> > >office.  holy cow.  i sure hope the secret service doesn't come after
> > >me!   ;-)
> > >
> > >pete
> > >
> >
> > ClamAV is filtering that virus out for me. I installed ClamAV yesterday
> 
> > morning to handle that problem - apparently the school's virus checker
> > hasn't updated to recognize that virus yet. I also got one from vox
> (which
> > I trust so I don't usually subject it to spam and virus filtering).
> Perhaps
> > we need a virus scanner on the lists even for subscribed members.
> 
> ken,
> 
> from vox?  or do you mean forged to look like it came from vox?  i don't
> recall seeing one from the list...
> 
> i know how to filter based on attachment content (since the content is
> just part of the body).  i need to google for how you filter based on
> attachment name.  i don't recall there being any headers declaring the
> name of attachments...
> 
> pete

It was forged to look like it came from lugod@livepenguin.com, and it wound  
up in my lugod folder (which matches the following condition in maildrop):

if (/^Reply-To: *vox.*lugod/:h ||       \
    /^Subject: .*\[vox/:h )
{
        to $MAILBOX/lugod
}

therefore, I conclude it was actually sent *to* the list.

Moreover, it's in the vox archive at:
http://www.lugod.org/mailinglists/archives/vox/2004-03/msg00014.html

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***