Re: virus-scan
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/23/03
- Next message: David H. Lipman: "Re: Stealth_Boot Virus"
- Previous message: roger: "Stealth_Boot Virus"
- In reply to: Veronica Loell: "Re: virus-scan"
- Next in thread: Veronica Loell: "Re: virus-scan"
- Reply: Veronica Loell: "Re: virus-scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Oct 2003 12:12:50 -0400
Veronica:
Infectors with their own SMTP engine do falsify the IP address. I think the spammers first
picked up on this. They hijack an unwitting platform and generate spam from that infected
PC. Often the source IP is 127.0.0.1 Since that is the IP diagnostic responder address it
is untraceable.
You are right, ISPs don't have the resources nor do they desire to deal with virus laden
email. ISPs *should* have AV software on their email servers but alas, the majority don't.
Don't expect the situation to improve. Expect it to worsen as a function of time.
Dave
"Veronica Loell" <lista-nospam@nakawe.se> wrote in message
news:OV9h5yXmDHA.2080@TK2MSFTNGP10.phx.gbl...
| David H. Lipman wrote:
| > methodologies that virus writers use to generate false sending addresses and infectors
| > having their own NNTP and/or SMTP clients built-in, this is becoming increasingly
| > impossible.
|
| Since it is possible for an ISP to identify their client based on a time
| and an IP-adress, and the fact that a mailserver that recieves a message
| records this information as a "Recieved:"-header your statement seems
| very strange to me. English however is not my first language so I may
| not be understanding you correctly.
|
| What is true is that there are ISP's that either do not have the
| resources to run a good network or are interested in doing so. But that
| is a completely different subject.
|
| If the built-in SMPT-server falsifies its IP-adress, then it will be
| impossible to trace, but as far as I know there are no wild viruses at
| the moment doing that.
|
| Perhaps ISP's all over will take after what the Norweigan ISP Telenordia
| has done and put in place a specific department that deals wiht
| virus-reports. Another option would be that someone else would provide
| this service to smaller ISP's. Quite possibly we will see more tools
| created to aid ISP's in dealing with this sort of issue in a
| cost-effective manner.
|
| - Veronica Loell
|
- Next message: David H. Lipman: "Re: Stealth_Boot Virus"
- Previous message: roger: "Stealth_Boot Virus"
- In reply to: Veronica Loell: "Re: virus-scan"
- Next in thread: Veronica Loell: "Re: virus-scan"
- Reply: Veronica Loell: "Re: virus-scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
