To send or not to send 'virus in email' notifications?

Gerardo A. Gregory ggregory at affinitas.net
Wed Aug 20 16:03:03 UTC 2003


> virus laden email from culprits like sobig should email virus
> scanning systems be configured to send notifications back to sender or not?
 

Virus notification was great in times past.  With forged addresses, now the
double-edged sword is pointed back at the victim system: since some of the
notifications are sent to invalid domains or accounts, the mail rests
undeliverable in a mail queue waiting to expire.

My mail queue rose yesterday to over 100 undeliverable mails.  All of these
were from Sobig notifications to illegal domains or accounts.  I shut down
notifications ASAP, saving myself (and my systems) some processing time.

The notification piece of most scanner engines needs to be revamped by the
software manufacturers and developers to keep up with the new trends in virii
behavior (i.e. forged addresses).

Someone posted that Amavis-new has this feature, and this is open source
software; you'd imagine the commercial companies could have figured this one
out by now, since Klez also used forged addresses.

Gerardo 


D'Arcy J.M. Cain writes: 

> 
> On Wednesday 20 August 2003 10:25, Joe Maimon wrote:
>> Considering the amount of email traffic generated by responding to
>> forged  virus laden email from culprits like sobig should email virus
>> scanning systems be configured to send notifications back to sender or not?
> 
> Absolutely not.  My spam filters are handling the original spam fine but I am 
> getting tons of responses to email I didn't send in the first place.  It's 
> legitimate email from legitimate sources so the filters don't catch it but it 
> is garbage nonetheless. 
> 
> -- 
> D'Arcy J.M. Cain <darcy@{druid|vex}.net>   |  Democracy is three wolves
> http://www.druid.net/darcy/                |  and a sheep voting on
> +1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
 


Gerardo A. Gregory
Manager Network Administration and Security
402-970-1463 (Direct)
402-850-4008 (Cell)
 ------------------------------------------------
Affinitas - Latin for "Relationship"
Helping Businesses Acquire, Retain, and Cultivate
Customers
Visit us at http://www.affinitas.net 
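
Added example, not part of the original message and not any scanner's own code: a sketch of the sender-notification decision discussed in this thread, which suppresses notices when the sender address is likely forged or the notice would only create more undeliverable mail. The function name, the family list, the header checks and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list: the malware families this thread names as forging senders.
FORGING_FAMILIES = [re.compile(p, re.I) for p in (r"sobig", r"klez")]

def notify_decision(virus_name, envelope_sender, raw_message):
    """Return (send_notice, reason) for a message the scanner flagged."""
    # A null envelope sender marks a bounce; answering it only feeds the queue.
    if envelope_sender in ("", "<>"):
        return False, "null envelope sender"
    # Sender-forging families: the address belongs to a bystander.
    for pat in FORGING_FAMILIES:
        if pat.search(virus_name):
            return False, "sender-forging family: " + pat.pattern
    msg = message_from_string(raw_message)
    # List or bulk traffic: the envelope sender is a list bounce handler.
    precedence = msg.get("Precedence", "").lower()
    if msg.get("List-Id") or precedence in ("bulk", "list", "junk"):
        return False, "list or bulk mail"
    # Conservative choice for this example: if the envelope sender and the
    # From: header disagree, treat the address as unverified and stay silent.
    _, header_from = parseaddr(msg.get("From", ""))
    if header_from.lower() != envelope_sender.strip("<>").lower():
        return False, "envelope sender does not match From header"
    return True, "sender plausibly genuine"

# Constructed sample inputs (not real traffic): scanner verdict,
# envelope sender, raw message.
SAMPLES = [
    ("W32/Sobig.F@mm", "alice@example.org",
     "From: alice@example.org\nSubject: Re: Details\n\nbody"),
    ("Eicar-Test-Signature", "<>",
     "From: MAILER-DAEMON@example.net\nSubject: failure\n\nbody"),
    ("Eicar-Test-Signature", "owner-list@example.net",
     "From: carol@example.net\nList-Id: <list.example.net>\n\nbody"),
    ("Eicar-Test-Signature", "bob@example.com",
     "From: Bob <bob@example.com>\nSubject: test\n\nbody"),
]

def run_samples():
    """Apply the policy to each constructed sample."""
    return [notify_decision(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample[0], sample[1], result)
```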



