On Thu, 28 Aug 2003 21:35, Karsten M. Self wrote: > Which is a damned good reason for Debian not to package > viruses and spam mailers. Or tools which can be readily subverted as > such.
My Postal program can be used for DOS attacks on mail servers, and has been used for such on at least one occasion (*). I disagree with your conclusions regarding putting viruses in Debian. I think it would be a useful service for people who analyse such things to have copies of viruses in usable form. I am not requesting them only because arbitary archives of files don't belong in Debian. Debian packages are for programs that comprise parts of the distribution and for data files used for them, not arbitary other data. I believe that Linux based tools for auditing network security belong in Debian. We rightly have nmap and nessus, other tools of a similar nature also belong in Debian. If DMCA issues prevent distribution of such things through the US then they can go in non-US. (*) An idiot complained to me because the URL for Postal was in the headers of the thousands of messages they received. It didn't occur to them that the URL was there to inform any victim of an attack of what they were facing, and is also intended to be a conveniant header string that can be blocked in a mail server to stop such an attack. Presumably other more intelligent people had their servers attacked by Postal and were smart enough to configure their header checks without bothering me. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
