To send or not to send 'virus in email' notifications?

Tomas Daniska tomas at tronet.com
Wed Aug 20 14:51:02 UTC 2003



maybe the AV vendors could suply a 'to mail or not to mail' flag within
their databases, based on character of the virus...


any of them lurking here? :)

--

deejay 

> -----Original Message-----
> From: Matthew Kaufman [mailto:matthew at eeph.com] 
> Sent: 20. augusta 2003 16:41
> To: 'Joe Maimon'; nanog at merit.edu
> Subject: RE: To send or not to send 'virus in email' notifications?
> 
> 
> 
> Absolutely not.
> 
> SoBig.F, like many others, forges the sender address. That 
> means that your
> notifications:
>   1) Don't make it back to the person with the infection
>   2) Simply add more clutter to the mailbox of the person 
> whose address was
> used (in addition to all the bounce messages)
> 
> In the enterprise, this is a great argument for scanning 
> outbound email with
> positive identification of whose outbound mail you're scanning.
> 
> Matthew Kaufman
> matthew at eeph.com 
> 
> > -----Original Message-----
> > From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On 
> > Behalf Of Joe Maimon
> > Sent: Wednesday, August 20, 2003 7:25 AM
> > To: nanog at merit.edu
> > Subject: To send or not to send 'virus in email' notifications?
> > 
> > 
> > 
> > Considering the amount of email traffic generated by responding to 
> > forged  virus laden email from culprits like sobig should 
> email virus 
> > scanning systems be configured to send notifications back to 
> > sender or not?
> > 
> > 
> > 
> > 
> 
> 



More information about the NANOG mailing list