Gwd: crypted document

Jason J. W. Williams williamsjj at
Fri Aug 3 02:51:10 UTC 2007

Hi Guys,

It seems to me a lot of virus scanners picked up this behavior in the
days of the "I Love You" and Melissa viruses, when virii tended to
infect documents rather than be self-propagating worms. We haven't lived
in a world where its likely a legitimate sender is unwittingly sending
infected documents for awhile. It'd be nice if  the AV/MTA vendors would
take this feature out, or AV the message before they accept the DATA
section and leave it to the sending mail server to bounce it.


-----Original Message-----
From: owner-nanog at [mailto:owner-nanog at] On Behalf Of
Chris Adams
Sent: Thursday, August 02, 2007 8:22 PM
To: nanog at
Subject: Re: Gwd: crypted document

Once upon a time, Hex Star <hexstar at> said:
> Why would someone in the ISP industry try to spread a virus?
Ironically I
> suppose a ISP admin may have their own computer infected... :P

Why would someone assume that the sender in a virus email is valid?

Also, I want to thank all those with auto-responders that respond to
list email for letting me know about this message to NANOG.
Chris Adams <cmadams at>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.


More information about the NANOG mailing list