BRIAN@UC780 (Brian D. McMahon) (07/01/89)
The following recently appeared on INFO-VAX; I have no further information. Can anyone confirm/deny/elaborate? >Date: 26 JUN 89 22:05:24.55-GMT >From: INFOVAX@FRIPN51.BITNET >To: INFO-VAX@KL.SRI.COM >Subject: RE: automatic mail answering service : WARNING, MAY BE VIRUS > >TAKE CARE: the program VACATION (distributed on a mailing list) is a >potential VIRUS for ALL the people registered on this list if used >with no modifications. It will reply to the list, so to itself...and >so on... And you will be on vacation, so you will not stop it quickly. >Suppose just a few people of INFO-VAX use this program, and imagine >the disaster, because it will also reply to all the mailing send by >all the runing copy of this monstrosity. >Surely it was not the will of the author of VACATION, but this >program IS A VIRUS ! > >Bernard PERROT >Institut de Physique Nucleaire >Orsay - France - [Ed. It appears to me to be more a case of an infinite mail loop than anything that could be called a virus. I frequently get messages on VIRUS-L/comp.virus which are sent from a VACATION program (VMS or Unix). Since VIRUS-L is moderated, however, I merely delete the message. If the message goes out to the list, and the VACATION program replies, you have an endless cycle. Use any VACATION program very cautiously.]
ZDEE699@ELM.CC.KCL.AC.UK (07/07/89)
In VIRUS-L Digest, Monday, 3 Jul 1989, Volume 2 : Issue 147, Brian D. McMahon <BRIAN@UC780> writes: >The following recently appeared on INFO-VAX; [...] > >>Date: 26 JUN 89 22:05:24.55-GMT >>From: INFOVAX@FRIPN51.BITNET >>To: INFO-VAX@KL.SRI.COM >>Subject: RE: automatic mail answering service : WARNING, MAY BE VIRUS >> >>TAKE CARE: the program VACATION (distributed on a mailing list) is a >>potential VIRUS for ALL the people registered on this list if used >>with no modifications. It will reply to the list, so to itself...and >>so on... And you will be on vacation, so you will not stop it quickly. [...] >> >>Bernard PERROT >>Institut de Physique Nucleaire >>Orsay - France - The moderator of VIRUS-L, Kenneth van Wyk answers: >[Ed. It appears to me to be more a case of an infinite mail loop than >anything that could be called a virus. [...] [...] > If the message goes out to the list, and the VACATION >program replies, you have an endless cycle. As Ken van Wyk said, this is a case of infinite mail loop. There is probably nothing wrong with the VACATION program, and the remedy lies in the list moderator/management's side. To avoid this problem of infinite mail loop when VACATION is run, or a gateway is shutdown, many fileservers use a different address to receive commands and to send information. So if the data is returned to the sender (in this case the listserver), it ends-up in a different account and is NOT sent back again. Examples: send commands to: <NISTLIB@GOV.NIST.NCSL.CMR> and the server answers with id: <NISTLIBD@GOV.NIST.NCSL.CMR> so if the data "bounces back", it is returned to the id NISTLIBD where it is not processed again, and dies there. send articles to: <uk-virus-l@uk.ac.hw.cs> and the distribution is with id: <uk-virus-l-request@uk.ac.hw.cs> etc. etc. The point is that for some reason (can you explain, Ken ?) bitnet listservers use the same ID to send and receive mail. Before VIRUS-L was moderated, messages bouncing back from gateways were redistributed again since the return path for bounced messages was the sender: <VIRUS-L@LEHIIBM1.BITNET> Now, I believe that most of the time, the messages are sent by the moderator, to the postmaster of the remote site, who sorts-out the problem with the user on the remote computer. But few lists are moderated, and perhaps it could be time to think about a way to stop these loops which I agree are very irritating to other users. Olivier Crepin-Leblond Computer systems & Electronics, Dept. of Elec. Engineering, King's College London, England ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |Olivier M.J. Crepin-Leblond | - If no-one can do it | |JANET : <zdee699@uk.ac.kcl.cc.elm> | then do it yourself | |BITNET : <zdee699%elm.cc.kcl.ac.uk@ukacrl> | - If you can't do it, | |INTERNET: <zdee699%elm.cc.kcl.ac.uk@uk.ac.nsfnet-relay>| then P A N I C ! ! | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^