HP3000-L Archives

February 2004, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Jeff Kell <[log in to unmask]>
Reply To: Jeff Kell <[log in to unmask]>
Date: Tue, 3 Feb 2004 00:08:48 -0500

Greg Stigers wrote:

> Since others are touting their successes with antiviral and antispam
> services, I felt that, as a happy customer, I should put in a good word for
> spamcop.net. I pay $30 per year for this address. They do offer services to
> businesses as well. I believe that I average one Asian spam a week, which
> listmembers almost certainly also get.

We spend a small amount (well, included with other services) for spam
control and have better success than some major ISPs (where I have
unlisted and unused accounts).  We block a great deal at the border
router, where an ACL is created via a script that includes SPEWS and
SPAMHAUS (SBL) subnet blacklists (the single-entry hosts aren't that
effective and really push our router config/hardware limits).  For
incoming SMTP connections, we reject ~90% (not saying 90% is spam, since
the sender may of course retry, but the 'attempts' are 90% blocked).

Our primary campus mailer is now Novell's NetMail, which has hooks for
both anti-virus (McAfee) and DNS-RBL based blacklists (we use
cbl.abuseat.org, dnsbl.njabl.org, and sorbs.org).  That blocks about
half the spam, and almost all viruses (except zero-day exploits).

Raven is a bit of an exception, it doesn't do the DNS-RBL thing, but it
is protected by the router ACLs and strips attachments.  I know many of
you have reached panic levels and obfuscated your addresses, but it
isn't due to viruses being posted to the list, or anyone getting our
mailing list (archives are restricted to subscribers, subscriber list is
only available to Stan and me).  But the comp.sys.hp.mpe newsgroup is of
course cataloged by Google.

When we get a breather in time, Atmarian-calendar style, we are moving
Raven to a new server on the latest release, and it will have virus
scanning included.  We also plan a front-end MX server that can bring
the DNS-RBLs into play as well.

As for MyDoom.A/B, we've received tens of thousands, but had less than a
dozen machines infected, and discovered them and shut down their network
access early so that when Feb 1 rolled around, nothing happened here
(and I was watching, with baited traps, but nothing appeared).

Of course it is a never-ending battle, we win a few, we lose a few, but
all in all it is getting better (perhaps because more FTE effort is
being put into network security, and/or previously-burned users are
really learning not to blindly click attachments).

Jeff

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
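
An added example, not part of the message above and not the site's actual script: one way a blocklist-to-ACL build could drop single-host entries and merge subnets before emitting deny rules for inbound SMTP, as the message describes. The Cisco IOS-style `access-list` syntax, the ACL number, the entry cap and the sample feed are assumptions; the message names neither the router nor the script.

```python
import ipaddress

# Constructed sample feed using documentation ranges, not real listings.
SAMPLE_FEED = """\
# constructed blocklist excerpt
192.0.2.0/25      ; constructed comment
192.0.2.128/25
198.51.100.7/32
198.51.100.64/26
203.0.113.9
198.51.100.96/27
not-a-network
"""


def parse_feed(text):
    """Yield networks from a feed, skipping comments and malformed lines."""
    for raw in text.splitlines():
        entry = raw.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # one bad line must not abort the whole ACL build


def build_acl(text, acl_number=120, max_entries=1000):
    """Return ACL lines blocking TCP/25 from listed subnets.

    Single hosts (/32) are dropped, since they inflate the ACL for
    little gain; adjacent and nested subnets are merged to save entries.
    acl_number and max_entries are hypothetical values for illustration.
    """
    nets = [n for n in parse_feed(text)
            if n.version == 4 and n.prefixlen < 32]
    merged = list(ipaddress.collapse_addresses(nets))
    if len(merged) > max_entries:
        # Fail closed on the build, not on the router: keep the old ACL.
        raise ValueError(f"{len(merged)} entries exceeds cap {max_entries}")
    lines = [
        f"access-list {acl_number} deny tcp "
        f"{n.network_address} {n.hostmask} any eq 25"
        for n in merged
    ]
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl(SAMPLE_FEED)))
```
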
