[unisog] Virus droppings and unresolvable domains - your input.

Paul Russell prussell at nd.edu
Mon Mar 1 22:22:35 GMT 2004

Thomas DuVally wrote:
> 1) We deliver all those virus messages (cleaned, of course) that are
> generated by viruses themselves (mydoom, sobig, klez ...) to our users.

Given the nature of mass-mail viruses, there is nothing of value to the
recipient in the message, and there is the risk that the volume of mass-mail
virus carrier messages delivered to a single mailbox might result in an
effective denial of service to that user. Consequently, we discard mass-mail
virus carrier messages.

We run McAfee uvscan on our central mail servers. Generally, McAfee identifies
mass-mail viruses by appending '@MM' to the virus name, e.g., W32/Mydoom@MM. If
the virus name ends in '@MM', the message is discarded. If the virus name does
not end in '@MM', the message is disinfected and delivered. When McAfee fails
to conform to their own standard in this respect, disinfected mass-mail virus
carrier messages are delivered to the addressees.

Paul Russell
Senior Systems Administrator
University of Notre Dame
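
The discard rule described in the message above, as an added Python example that is not part of the original post or the author's mail configuration. The report-line shape, the function names and the `W32/Example` detection names are constructed assumptions, as is treating a single '@MM' detection as enough to discard a message with several detections.

```python
import re

# Assumed shape of a scanner report line (constructed for this example):
#   "<path> ... Found the <name> virus !!!"
FOUND = re.compile(r"Found the (\S+) (?:virus|trojan)")

DELIVER, DISINFECT, DISCARD = "deliver", "disinfect-and-deliver", "discard"


def detections(report: str) -> list[str]:
    """Return every detection name reported for one message."""
    return FOUND.findall(report)


def disposition(report: str) -> str:
    """Apply the '@MM' suffix policy to one message's scan report."""
    names = detections(report)
    if not names:
        return DELIVER
    # Exact, case-sensitive suffix test. Assumption: one mass-mailer
    # detection discards the whole message, whatever else was found.
    if any(name.endswith("@MM") for name in names):
        return DISCARD
    return DISINFECT


# Constructed sample reports; only W32/Mydoom@MM is a name from the post.
SAMPLES = {
    "clean": "",
    "mass_mailer": "/spool/m1/doc.zip ... Found the W32/Mydoom@MM virus !!!\n",
    "file_infector": "/spool/m2/a.exe ... Found the W32/Example.a virus !!!\n",
    # A mass mailer the vendor named without the suffix: the rule cannot
    # tell it apart from an ordinary infection, so it is delivered.
    "unsuffixed_mailer": "/spool/m3/b.pif ... Found the W32/Example.worm virus !!!\n",
    "mixed": (
        "/spool/m4/a.exe ... Found the W32/Example.a virus !!!\n"
        "/spool/m4/c.zip ... Found the W32/Mydoom@MM virus !!!\n"
    ),
}

if __name__ == "__main__":
    for label, report in SAMPLES.items():
        print(f"{label:18} {detections(report)!s:40} -> {disposition(report)}")
```

The `unsuffixed_mailer` case is the gap the message points out: the policy depends entirely on the vendor's naming, so a periodic review of delivered, disinfected messages is the only way to see it.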
