[Dshield] Upsurge in SoBig? 2

Dan dan at dbdigitalweb.com
Mon Sep 8 19:57:36 GMT 2003


>Incidentally, in the worst cases I've set up a filter to block all traffic
>from the source IP at the outside door.  Otherwise I'm letting the
>anti-virus software catch them, delete them, and report to me.  We do not
>send a "virus caught" notification to the sender.  I'm not sure why anybody
>would even try that anymore.

I don't know either.  But when one of my mailboxes was inundated with SoBig
emails a few weeks back, there were several that said "virus caught" sent
from some ISP that had caught the virus as it tried to pass through their
systems, and they sent this type of email to me because it had my "return
address" on the "envelope".  Well, I certainly never sent it, as I was never
infected with the virus, so it was obviously spoofing that email address.
And that is a good reason not to use the "notification of sender" option
in antivirus software.  It was a good idea in the pre-spammer era, but now in
the post-spammer era all it does is further clog email servers with junk, as
probably 99% of them are going to the wrong person.

BTW, I am paranoid as well... it keeps my network clean and running well, heh.

-Dan



