Virus on the list [Was: Re: Thanks :)]
David Relson
relson at osagesoftware.com
Fri Oct 29 23:16:37 CEST 2004
On Fri, 29 Oct 2004 13:24:17 +0100
Laurence wrote:
> Johannes Klug wrote:
> > Is this a virus or what?
>
> My server filtered it as Win32.Bagle.AX at mm.
>
> Laurence
Yes, the bogofilter mailing list passed on a virus. Here's what I know:
At 05:37:19 (-0400), there two SMTP connections were made from
195.227.24.100 to bogofilter.org. The first message was sent to
"bogofilter at bogofilter.org" and spoofed a real subscriber -- me! The
second message was from "bogofilter at bogofilter.org" to
"bogofilter-dev at bogofilter.org".
The first message was forwarded to everyone on the bogofilter-users
list, while the second was trapped as "non-subscriber message" for admin
action.
The mail server is running postfix, procmail, and mailman. Either
mailman is vulnerable to spoofed addresses or it's configured wrong. If
anybody has suggestions on hardening the delivery environment to avoid
this happening again, feel free to contact me.
Needless to say, I am rather embarrassed that it was _my_ address that
was spoofed and deeply regret that this happened.
Regards,
David
More information about the Bogofilter
mailing list