[Techtalk] stopping outgoing virus mail
Brenda Bell
k15a-list-linuxchix at theotherbell.com
Tue Mar 18 09:39:43 EST 2003
Quoting Carla Schroder <carla at bratgrrl.com>:
> OK, I wasn't clear - this is in addition to using antivirus software, I can't
> imagine any admin being foolish enough to think they can skate by without it!
> What I'm trying to figure out is if there is a way to identify virus-sent
> emails. Let's say it's a brand-new virus and the AV software misses it,
> having a nice egress filter to catch the little buggers would be a lovely
> thing.
I'm not a virus expert but you may be able to do firewall rules to
block outbound email generated by viruses that have their own SMTP
engine (Ganda). If you have a mail server running inside your
firewall, then all outbound traffic with a destination of port 25
should originate at the mail server -- never from a client IP address.
However, this breaks down if clients have other legitimate software
with built-in SMTP capabilities (IIS or PWS, heaven forbid :)
--
Brenda
http://opensource.theotherbell.com
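
An added example, not part of the original post: with an egress rule like the one described above that also logs port-25 connections, the firewall log doubles as a detector for clients running their own SMTP engine. The addresses, the `SMTP-EGRESS: ` log prefix, the iptables rules in the comments and the log lines are all constructed assumptions.

```python
import re
from collections import Counter

# Assumed firewall rules (iptables syntax, placeholder addresses): log every new
# connection to port 25, accept only the mail server, drop everything else.
#   iptables -A FORWARD -p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-EGRESS: "
#   iptables -A FORWARD -p tcp --dport 25 -s 192.168.1.10 -j ACCEPT
#   iptables -A FORWARD -p tcp --dport 25 -j DROP

MAIL_SERVER = "192.168.1.10"        # assumed internal mail server
ALLOWED_SENDERS = {"192.168.1.20"}  # assumed host with legitimate built-in SMTP
LOG_PREFIX = "SMTP-EGRESS: "
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines in the kernel's netfilter LOG format.
SAMPLE_LOG = """\
Mar 18 09:40:01 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 ID=4411 DF PROTO=TCP SPT=1042 DPT=25 WINDOW=5840 SYN URGP=0
Mar 18 09:40:02 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TTL=63 ID=901 DF PROTO=TCP SPT=3310 DPT=25 WINDOW=5840 SYN URGP=0
Mar 18 09:40:03 fw kernel: eth0: link up
Mar 18 09:40:04 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=63 ID=4412 DF PROTO=TCP SPT=1043 DPT=25 WINDOW=5840 SYN URGP=0
Mar 18 09:40:05 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TTL=63 ID=77 DF PROTO=TCP SPT=2200 DPT=25 WINDOW=5840 SYN URGP=0
Mar 18 09:40:06 fw kernel: SMTP-EGRESS: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.5 LEN=60 TTL=63 ID=15 DF PROTO=TCP SPT=1100 DPT=25 WINDOW=5840 SYN URGP=0
"""

def parse_line(line):
    """Return the KEY=VALUE fields of a logged packet, or None for other lines."""
    _, sep, rest = line.partition(LOG_PREFIX)
    if not sep:
        return None
    return dict(FIELD.findall(rest))

def suspicious_senders(log_text, mail_server=MAIL_SERVER, allowed=ALLOWED_SENDERS):
    """Count direct port-25 attempts per client, skipping the expected senders."""
    hits = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if not pkt or pkt.get("PROTO") != "TCP" or pkt.get("DPT") != "25":
            continue
        src = pkt.get("SRC")
        if src and src != mail_server and src not in allowed:
            hits[src] += 1
    return hits

if __name__ == "__main__":
    for host, count in suspicious_senders(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct SMTP attempts")
```

Hosts listed in `ALLOWED_SENDERS` would also need their own ACCEPT rule ahead of the DROP.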