From: Chuck Holst <cholst_at_bitstream.net>
subject: [Paddlewise] Bugbear worm warning
Date: Tue, 1 Oct 2002 12:12:09 -0500
WARNING: Norton Antivirus informs me that messages from the following 
people in today's Paddlewise mail all contained the W32.Bugbear worm, 
apparently in an attachment (I didn't open the messages):

Dave Kruger
Steve Holtzman
Jochen Grikschat

Please run an up-to-date virus check on your computers. This worm 
apparently is spreading fast. 

(moderator note - this virus was discovered September 30, 2002.  If you
haven't updated your antivirus rules in the last 48 hours go do it....)

Chuck Holst

***************************************************************************
PaddleWise Paddling Mailing List - Any opinions or suggestions expressed
here are solely those of the writer(s). You must assume the entire
responsibility for reliance upon them. All postings copyright the author.
Submissions:     PaddleWise_at_PaddleWise.net
Subscriptions:   PaddleWise-request_at_PaddleWise.net
Website:         http://www.paddlewise.net/
***************************************************************************
From: Steve Holtzman <sh_at_actglobal.net>
subject: Re: [Paddlewise] Bugbear worm warning
Date: Tue, 1 Oct 2002 14:50:13 -0700
Chuck,

Please check the headers on the emails that you received. You will find that
the emails supposedly from me and the ones from Dave Kruger did not
originate on our computers.

There are several worms and other vir*s out there that "spoof" email
addresses. In other words, if you are infected, before sending themselves
out, they will pick a return address from your Netscape, Outlook, or Outlook
Express address book and show that as the return address.

The emails saying they were from me actually came from an ISP that is in New
Zealand. Last time I checked, that is not a suburb of Southern California
where I live.

It's a good idea to check your emails with updated antivirus software, but
let's be careful who we are blaming in print, when that may not be accurate.

Steve
----- Original Message -----
From: "Chuck Holst" <cholst_at_bitstream.net>

> WARNING: Norton Antivirus informs me that messages from the following
> people in today's Paddlewise mail all contained the W32.Bugbear worm,
> apparently in an attachment (I didn't open the messages):
>
> Dave Kruger
> Steve Holtzman
> Jochen Grikschat

From: James W. Durkin <jwd_at_phonogram.net>
subject: Re: [Paddlewise] Bugbear worm warning
Date: Tue, 1 Oct 2002 23:17:26 -0500
On Tue, Oct 01, 2002 at 12:12:09PM -0500, Chuck Holst wrote:

> WARNING: Norton Antivirus informs me that messages from the following 
> people in today's Paddlewise mail all contained the W32.Bugbear worm, 
> apparently in an attachment (I didn't open the messages):

Just to be completely clear about this, mail submitted to the
Paddlewise list, and distributed from there out to the list's
subscribers, will not carry an attached virus of any form whatsoever.
That this is the case is a by-product of the scripts used (or, more
correctly, one script in particular) to run the list.  The moderator
can confirm this.

What is referred to above as "Paddlewise mail" is (I believe)
including all mail with the "[Paddlewise]" prefix in the Subject:
header.  Such mail can come from sources other than the list server
itself.  It could be legitimate private mail from a fellow list
subscriber that simply maintains the Subject: header of a message
originating in the list.  Or it could be, as is the case of the
worm-ridden mail in question, something else entirely.

If you wish to filter messages originating on the Paddlewise server
into a separate folder, then your filter, if it is to operate
reliably, needs to trigger on the following message header:

  Sender: owner-paddlewise_at_paddlewise.net

Simply filtering based on "[Paddlewise]" in the Subject: header won't
do the trick.

The point of the above being, that PaddleWise and other properly run
lists don't spread viruses, worms, or other vermin.  And to provide a
definitive method of filtering this list's mail, if you wish to do so
(the definite part stems from Paddlewise being a Majordomo
administered list, and the Sender: header being that software's
"header signature").

Pardon the non-kayak-related technical aside, but I thought it might
allay some potential fears and inform the curious.

-.- jwd
From: Kirk Olsen <paddlewise_at_fastmail.fm>
subject: Re: [Paddlewise] Bugbear worm warning
Date: Wed, 2 Oct 2002 13:05:38 UT
On Tue, 1 Oct 2002 23:17:26 -0500, "James W. Durkin"
<jwd_at_phonogram.net> said:

I haven't been commenting publicly on this thread because any comments
I would have made, had already been covered.  I did include a few
embedded comments in posts I forwarded that got trapped by the filters.

> If you wish to filter messages originating on the Paddlewise server
> into a separate folder, then your filter, if it is to operate
> reliably, needs to trigger on the following message header:
> 
>   Sender: owner-paddlewise_at_paddlewise.net
> 
> Simply filtering based on "[Paddlewise]" in the Subject: header won't
> do the trick.

Even that filter isn't guaranteed, against one of the email header
forging virii.  It is the best filter I am aware of.

I regularly get bounces of virii being sent to dead mailboxes claiming
to be from owner-paddlewise_at_paddlewise.net - admittedly in those
cases the From: address is what has been forged.

Only email coming in from the host paddlewise.net aka
cyclone.muddypuppies.com is from paddlewise.

There's a very legitimate reason that Melissa pgp signs her email...
If the signature doesn't match it's not really from her.

Kirk
-- 
http://fastmail.fm - One of many happy users:
  http://www.fastmail.fm/docs/quotes.html
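
Added example, not part of any message in this thread: a Python sketch comparing the three checks discussed above (the "[Paddlewise]" Subject tag, the Majordomo Sender: header, and the host that handed the message to the recipient's server). The sample messages, the example.org/example.nz hosts, the IP addresses and the Received: layout are constructed assumptions; the list address and host names are the ones given in the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LIST_SENDER = "owner-paddlewise@paddlewise.net"   # the archive prints "@" as "_at_"
LIST_HOSTS = {"paddlewise.net", "cyclone.muddypuppies.com"}  # hosts named in the thread
# Assumed Received layout: "from <HELO> (<reverse-DNS name> [<ip>]) by ..."
RECEIVED_FROM = re.compile(r"from\s+\S+\s+\((\S+)\s+\[[^\]]+\]\)", re.I)

def check_list_mail(raw):
    """Report which of the thread's three checks a raw message passes."""
    msg = message_from_string(raw)
    subject_tag = "[paddlewise]" in (msg.get("Subject") or "").lower()
    sender = parseaddr((msg.get("Sender") or "").replace("_at_", "@"))[1].lower()
    # Assumption: one inbound hop, so the topmost Received line was written by
    # the recipient's own server. Lines below it, like Sender: and From:, are
    # supplied by whoever sent the message and can be forged.
    received = msg.get_all("Received") or []
    hit = RECEIVED_FROM.search(" ".join(received[0].split())) if received else None
    relay = hit.group(1).lower().rstrip(".") if hit else None
    return {
        "subject_tag": subject_tag,
        "sender_header": sender == LIST_SENDER,
        "relay": relay,
        "from_list": sender == LIST_SENDER and relay in LIST_HOSTS,
    }

def sample(relay, ip, sender, subject):
    """Build a constructed test message (not real traffic)."""
    lines = [f"Received: from {relay} ({relay} [{ip}])",
             "\tby mx.example.org with ESMTP; Tue, 1 Oct 2002 12:30:00 -0500"]
    if sender:
        lines.append(f"Sender: {sender}")
    lines += ["From: subscriber@example.org", f"Subject: {subject}", "", "body"]
    return "\n".join(lines)

GENUINE = sample("cyclone.muddypuppies.com", "192.0.2.10", LIST_SENDER,
                 "[Paddlewise] Trip report")
FORGED = sample("mail.example.nz", "203.0.113.7", LIST_SENDER,
                "Re: [Paddlewise] Trip report")      # forged Sender: header
PRIVATE = sample("mail.example.org", "198.51.100.4", None,
                 "Re: [Paddlewise] Trip report")     # off-list reply, tag kept

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED), ("private", PRIVATE)):
        print(name, check_list_mail(raw))
```

All three samples carry the Subject tag, two carry the Sender: header, and only the one relayed by the list host passes the combined check.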

This archive was generated by hypermail 2.4.0 : Thu Aug 21 2025 - 16:33:31 PDT