RE: To send or not to send 'virus in email' notifications?
maybe the AV vendors could suply a 'to mail or not to mail' flag within their databases, based on character of the virus... any of them lurking here? :) -- deejay
-----Original Message----- From: Matthew Kaufman [mailto:matthew@eeph.com] Sent: 20. augusta 2003 16:41 To: 'Joe Maimon'; nanog@merit.edu Subject: RE: To send or not to send 'virus in email' notifications?
Absolutely not.
SoBig.F, like many others, forges the sender address. That means that your notifications: 1) Don't make it back to the person with the infection 2) Simply add more clutter to the mailbox of the person whose address was used (in addition to all the bounce messages)
In the enterprise, this is a great argument for scanning outbound email with positive identification of whose outbound mail you're scanning.
Matthew Kaufman matthew@eeph.com
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Joe Maimon Sent: Wednesday, August 20, 2003 7:25 AM To: nanog@merit.edu Subject: To send or not to send 'virus in email' notifications?
Considering the amount of email traffic generated by responding to forged virus laden email from culprits like sobig should email virus scanning systems be configured to send notifications back to sender or not?
Thus spake Tomas Daniska (tomas@tronet.com) [20/08/03 10:56]:
maybe the AV vendors could suply a 'to mail or not to mail' flag within their databases, based on character of the virus...
amavisd-new maintains a list of viruses that are known to forge sender addresses. It won't notify the sender (if configured) if the virus found is in the list. I can't speak for the other amavis* projects.
participants (2)
-
Damian Gerow
-
Tomas Daniska