
nanog mailing list archives

Re: To send or not to send 'virus in email' notifications?
From: "Gerardo A. Gregory" <ggregory () affinitas net>
Date: Wed, 20 Aug 2003 11:03:03 -0500


> virus laden email from culprits like sobig should email virus
> scanning systems be configured to send notifications back to sender or not?


Virus notification was great in times past. With forged addresses, the double-edged sword is now pointed back at the victim system: since some of the notifications are sent to invalid domains or accounts, the mail rests undeliverable in a mail queue waiting to expire.

My mail queue rose yesterday to over 100 undeliverable mails, all of these from sobig notifications to illegal domains or accounts. I shut down notifications ASAP, saving myself (and my systems) some processing time.

The notification piece of most scanner engines needs to be revamped by the software manufacturers and developers to keep up with the new trends in virii behavior (i.e. forged addresses). Someone posted that Amavis-new has this feature, and this is open source software; you'd imagine the commercial companies could have figured this one out by now, since klez also used forged addresses.

Gerardo

D'Arcy J.M. Cain writes:

On Wednesday 20 August 2003 10:25, Joe Maimon wrote:
> Considering the amount of email traffic generated by responding to
> forged virus laden email from culprits like sobig should email virus
> scanning systems be configured to send notifications back to sender or not?

Absolutely not. My spam filters are handling the original spam fine but I am getting tons of responses to email I didn't send in the first place. It's legitimate email from legitimate sources so the filters don't catch it but it is garbage nonetheless.
--
D'Arcy J.M. Cain <darcy () {druid|vex}.net>   |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.



Gerardo A. Gregory
Manager Network Administration and Security
402-970-1463 (Direct)
402-850-4008 (Cell)
------------------------------------------------
Affinitas - Latin for "Relationship"
Helping Businesses Acquire, Retain, and Cultivate
Customers
Visit us at http://www.affinitas.net
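
The sender-notification suppression discussed in this thread, sketched as an added example that is not part of the original posts and not the code of any scanner mentioned. The `ScanResult` record, the family list, the virus-name strings and the addresses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from email.message import EmailMessage

# Families the thread names as forging sender addresses (illustrative list).
FORGING_FAMILIES = re.compile(r"sobig|klez", re.IGNORECASE)

@dataclass
class ScanResult:  # hypothetical record a scanner hook might hand us
    virus_name: str
    envelope_from: str   # SMTP MAIL FROM; "" is the null reverse-path
    authenticated: bool  # True if submitted over an authenticated session

def should_notify_sender(r: ScanResult) -> tuple[bool, str]:
    """Decide whether a 'virus found' notice to the sender is worth sending."""
    if not r.envelope_from:
        return False, "null reverse-path"
    if FORGING_FAMILIES.search(r.virus_name):
        return False, "family forges sender addresses"
    if not r.authenticated:
        return False, "sender address unverified"
    return True, "verified sender"

def build_notice(r: ScanResult, postmaster: str) -> EmailMessage:
    """Build the notice; the caller should submit it with an empty MAIL FROM."""
    msg = EmailMessage()
    msg["From"] = postmaster
    msg["To"] = r.envelope_from
    msg["Subject"] = f"Virus {r.virus_name} found in a message you sent"
    msg["Auto-Submitted"] = "auto-generated"  # RFC 3834: marks automatic mail
    msg.set_content("The message was blocked and not delivered.")
    return msg

def plan(results, postmaster):
    """Return (notices to send, suppression reasons) for a batch of detections."""
    notices, suppressed = [], []
    for r in results:
        ok, reason = should_notify_sender(r)
        if ok:
            notices.append(build_notice(r, postmaster))
        else:
            suppressed.append(reason)
    return notices, suppressed

# Constructed sample detections; addresses use reserved example domains.
SAMPLE = [
    ScanResult("W32/Sobig.F@mm", "forged@example.com", False),
    ScanResult("W32/Klez.H@mm", "staff@example.net", True),
    ScanResult("EICAR-Test-File", "", False),
    ScanResult("EICAR-Test-File", "stranger@example.org", False),
    ScanResult("EICAR-Test-File", "staff@example.net", True),
]
```

Only the last sample produces a notice; the other four are suppressed before anything reaches the outbound queue.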
