[nSLUG] Strategies for fighting spam and Win32 email viruses via dialup

Donald Teed dteed at artistic.ca
Tue Jul 1 11:42:42 ADT 2003

Virus filtering works.  Spam filtering is fuzzy logic.
My ISP for email will always flag eBay auction win notices
and most On-line purchase confirmation notices as {Spam}.

One corporate place I emailed had their spam filter triggered by the
mere mention of "clock" which matched some filter designed
to screen out spam regarding getting a larger one.  Fortunately
the sysadmin there discovered it and told me I'd have to
resend the email.

Spam is a problem for end users and for email servers.
The pure volume of it has made an impact on the reliability
of email services.  I think the only solution is going to
be to have a new protocol for email involving certificates
of authenticity or something like it.

--Donald Teed

On Tue, 1 Jul 2003 bdavidso at supercity.ns.ca wrote:

> Hi:
> I hate to sound like a broken record, but this is precisely why I think
> virus filtering (and, to a degree, spam filtering) should be done at the
> server, not the client.  If the mail server detects and quarantines or
> discards virus-laden emails, then they never clog up a mailbox and dialup
> users don't have to waste bandwidth downloading crap.
> To the best of my knowledge, none of my customers ever received the
> Sobig.E virus, or Bugbear.B, which is another "popular" virus right now.
> That is, I have seen no instances of those virii originating from an IP
> address in our pool.  We use clamav (free) and amavis-perl to scan all
> email traffic.  We may have been a little lucky that our virus definition
> updates were detetcting those virii before any of our clients were
> affected.  On the other hand, I have seen a ton of infected traffic
> intended for my customers, originating from major networks (Eastlink,
> Sympatico, Telus, etc.), which our virus scanner caught.
> If your ISP is passing this stuff on to you, you should complain long and
> loud.  If they want money to filter virii, find anothe ISP.
> On Mon, 30 Jun 2003, George N. White III wrote:
> > My CCN dialup account has been getting hammered by the Sobig.E virus. This
> > one started around Wed. last week, and every time I log in, my email quota
> > is filled.  Usually the rate of virus emails declines quickly as people
> > put in filters, but this one seems to have beaten the filters somehow
> > (maybe they are coming from an infected machine at a location that the CCN
> > filters "trust").
> >
> > Most anti-spam and anti-virus strategies involve filtering the message
> > contents, which clearly isn't feasible on a ppp link when the message
> > volume exceeds the link capacity.  Are there filters that work with a
> > pop server using only the headers?  One strategy would be to have a
> > secret address for anyone sending large attachments, and a filter that
> > rejects any message with a large attachment sent to the regular address.
> >
> >
> -- 
> Bill Davidson
> bdavidso at supercity.ns.ca
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug

More information about the nSLUG mailing list