Tech Journalist Hiawatha Bray has written an interesting article about the MyDoom worm that is now making its way around the Internet.
Like many people, I received a lot of e-mail as a result of this worm — more than 45 messages at last count. So I finally decided to do something about it.
On Saturday, I installed the program MIMEDefang on my FreeBSD mail server. MIMEDefang lets you run a perl script for every incoming message and make a decision — before the email is accepted by your mail server — if the message should be accepted or not. This is cool — it keeps the mail from ever invading your mail server in the first place.
First thing I did was set up MIMEDefang to automatically run SpamAssassin on every incoming e-mail message, and bounce those that it identifies as spam. That immediately cut down my spam load.
Next, I downloaded the Network Associates Virus Scan for FreeBSD. It’s available from the FreeBSD Ports collection. I just typed “make install” and —wham— it was installed. (Of course, I had to manually go to the NAI website and download the latest Virus definition files.)
So here’s where it gets interesting. MIMEDefang automatically noticed that VirusScan was installed and started using it!
Between 1:40am and 9:38am, 51 copies of the worm were blocked from my system.
So I know that the worms are getting really bad out there, but I probably won’t be writing about them much more. I’ve decided to opt-out of the worm culture.
(My editor was surprised that I wasn’t running anti-virus before this. Truth be told, I didn’t think that I needed it — I read most of my email on a mac. And there is a little check-box that I checked on the one Windows machine that I use to read email; the check-box said something like “don’t run worms.” I’m not really sure why other people don’t check that box, but they don’t.)