MyDoom
Gene C.
czar at czarc.net
Sat Jan 31 06:21:30 UTC 2004
The Red Hat mailing lists have always been pretty good about filering out spam
and viruses. However, this MyDoom thing looking like it is sneaking through.
looking at the message headers, it appears to me that Red Hat external
sendmail may be set up to accept mail from the outside without filtering if
it is from a valid @redhat.com user.
I have not taken a look at these messages except for the last one but it
appears that it is faking out the Red Hat sendmail server by telling it the
host is redhat.com even if the ip address and reverse lookup do not match.
Besides using lots of bandwidth, this one must be driving all of the ISPs and
companies nuts if it is getting through Red Hat's systems given prior history
of being able to block this stuff. Lots of aggravation of lots of folks.
BTW, should this stuff be cleaned from (removed from) the archives since it is
archiving lots of copies of of this virus which could bite unwary users.
--
Gene
More information about the test
mailing list