[Techtalk] stopping outgoing virus mail

Brenda Bell k15a-list-linuxchix at theotherbell.com
Tue Mar 18 09:39:43 EST 2003


Quoting Carla Schroder <carla at bratgrrl.com>:

> OK, I wasn't clear- this is in addition to using antivirus software, I can't
> imagine any admin being foolish enough to think they can skate by without it!
> What I'm trying to figure out is if there is a way to identify virus-sent
> emails. Let's say it's a brand-new virus and the AV software misses it,
> having a nice egress filter to catch the little buggers would be a lovely
> thing.

I'm not a virus expert but you may be able to do firewall rules to
block outbound email generated by viruses that have their own SMTP
engine (Ganda).  If you have a mail server running inside your
firewall, then all outbound traffic with a destination of port 25
should originate at the mail server -- never from a client IP address.
However, this breaks down if clients have other legitimate software
with built-in SMTP capabilities (IIS or PWS, heaven forbid :)

-- 
Brenda
http://opensource.theotherbell.com
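
The egress rule described in the message above, as an added example that is not part of the original post: a shell function that prints iptables rules allowing port 25 only from the mail server and from explicitly allowlisted hosts (the "other legitimate software" exception), logging and dropping everything else. The chain name, log prefix, the use of the FORWARD chain on a Linux gateway and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate an SMTP egress filter for a Linux gateway.
# Assumptions (not from the post): clients are routed through this box
# (FORWARD chain), the chain is called SMTP_EGRESS, addresses are constructed.

# Accept only dotted-quad IPv4 so nothing else can end up in a rule.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: emit_smtp_egress_rules MAIL_SERVER_IP [ALLOWLISTED_CLIENT_IP ...]
# Prints the rules instead of applying them, so they can be reviewed first.
emit_smtp_egress_rules() {
    mail_server=$1; shift
    for addr in "$mail_server" "$@"; do
        is_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    # Send all forwarded traffic destined for port 25 through one chain.
    echo "iptables -N SMTP_EGRESS"
    echo "iptables -A FORWARD -p tcp --dport 25 -j SMTP_EGRESS"
    # The mail server is the only host expected to speak SMTP outbound.
    echo "iptables -A SMTP_EGRESS -s $mail_server -j ACCEPT"
    # Known exceptions: clients with legitimate built-in SMTP software.
    for addr in "$@"; do
        echo "iptables -A SMTP_EGRESS -s $addr -j ACCEPT"
    done
    # Anything else is a client talking SMTP directly: log it (rate
    # limited) so the source host can be investigated, then drop it.
    echo "iptables -A SMTP_EGRESS -m limit --limit 6/min -j LOG --log-prefix 'SMTP-EGRESS-BLOCK: '"
    echo "iptables -A SMTP_EGRESS -j DROP"
}

# Stand-alone use: ./smtp-egress.sh 192.0.2.10 192.0.2.25
if [ "$#" -gt 0 ]; then
    emit_smtp_egress_rules "$@"
fi
```

The logged source addresses are the hosts to inspect, since a client hitting this rule is either running an unlisted SMTP-capable program or something with its own SMTP engine.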


