on Wed, Nov 21, 2001 at 10:45:40PM -0500, Michael P. Soulier ([EMAIL PROTECTED]) wrote:
> On Wed, Nov 21, 2001 at 05:55:21PM -0800, Karsten M. Self wrote:
> > 
> > I'd suggest a massive response (that is, many people, not one person
> > replying many times) to the postmaster address, or other WHOIS contacts
> > listed if postmaster is invalid (an RFC 822 violation, FWIW).
> > 
> > This practice is to be strongly discouraged.  As with a nuclear chain
> > reaction, it can rapidly get out of hand.
> 
>     Post the email address to complain to and I'll be glad to.

The following are the results of analysis on headers in AV notices
posted here:


1:  "Antigen found Aliz.4096 Worm..."

    Note that the 'From' header was likely malformed; mine has
    substituted my ISP's POPD server for the host/domain portion of the
    address.

    From: [EMAIL PROTECTED]
    To: debian-user@lists.debian.org
    Subject: Antigen found Aliz.4096.Worm (Norman,Sophos) virus

    'Received' indicates 206.98.143.251 as the originating IP.  This
    doesn't resolve, but WHOIS indicates a Cable & Wireless customer,
    COX Enterprises (NETBLK-CW-206-98-142).  Administrative contact:

        Christian  Rohde <[EMAIL PROTECTED]>



2:  "Antigen found W32/[EMAIL PROTECTED] (McAfee4) virus"

    At least the header looks properly formed.

    From: ANTIGEN_SSEXCH-00-IMC1 <[EMAIL PROTECTED]>
    To: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
    Subject: Antigen found W32/[EMAIL PROTECTED] (McAfee4) virus
    Date: Wed, 21 Nov 2001 18:06:24 -0000

    'Received' indicates 193.126.192.195 as originating IP, WHOIS points
    to Instituto de Informatica e Estatistica da Solidariedade
    (Portugal).

    Contacts given are:

        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]


3:  "Virus incident"

    From: YODA Panda Antivirus for Exchange Server
             <[EMAIL PROTECTED]>
    To: "'debian-user@lists.debian.org'" <debian-user@lists.debian.org>
    Subject: Virus incident
    Date: Wed, 21 Nov 2001 19:02:12 +0100

    'Received' indicates 212.105.56.131 as originating IP.  WHOIS points
    to Netblock of Satisfactory International AB.

    Contacts:

        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]


There's a note to the list indicating a columbia.edu origin, but I
don't find any messages in my archive.

Posting appropriate comments to the vendors producing the broken
software in the first place would also be helpful.

Antigen is produced by Sybari Software:

    http://www.sybari.com/
    President is Robert Wallace:  [EMAIL PROTECTED]


Yoda appears to be made by Panda Software:

    http://www.pandasoftware.com/
    [EMAIL PROTECTED]  

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html
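
Added example, not part of the original post: one way to pull the originating IP out of a notice's 'Received' chain before the WHOIS lookup described above. The sample message, its hostnames and addresses (documentation ranges) and the function names are constructed for illustration; hops below the first relay you trust can be forged, so treat the result as a lead.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Networks that never identify an external sender (RFC 1918 plus loopback).
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# MTAs record the peer address in brackets or parentheses.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

# Constructed sample: newest Received header first, as delivered.
SAMPLE = """\
Received: from murphy.example.org (murphy.example.org [198.51.100.7])
\tby pop.isp.example with ESMTP; Wed, 21 Nov 2001 18:10:02 -0000
Received: from exch01.corp.example (unknown [203.0.113.25])
\tby murphy.example.org with SMTP; Wed, 21 Nov 2001 18:07:11 -0000
Received: from scanner (localhost [127.0.0.1])
\tby exch01.corp.example with SMTP; Wed, 21 Nov 2001 18:06:24 -0000
From: AV-GATEWAY <av@corp.example>
To: list@lists.example.org
Subject: Virus incident

(constructed body)
"""

def received_ips(raw_message):
    """Return one list of IPs per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        ips = []
        for text in IP_RE.findall(header):
            try:
                ips.append(ip_address(text))
            except ValueError:  # e.g. 999.1.1.1 in a malformed header
                continue
        hops.append(ips)
    return hops

def originating_ip(raw_message):
    """First non-internal IP seen when walking hops from oldest to newest."""
    for ips in received_ips(raw_message):
        for ip in ips:
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

if __name__ == "__main__":
    print(originating_ip(SAMPLE))
```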
