[unisog] Auto AV Notification ( was Re: New virus)

Bill Martin bmartin at luc.edu
Thu Nov 24 19:42:05 GMT 2005


Not taking credit away from those that are knowledgeable, a statement like "Anyone with enough clue to be on this list probably . . ." is dangerous statement.  I've seen people on this list that could not find their way off it, so much for their technical understanding :-). 

Seriously though, I find it amazing how many supposed educated admins believe they are doing people a service by sending a bounce to the alleged sender indicating that they sent a virus.  One thing that I learned quickly (and this applies to your comment) is to never estimate (over or under) an admins knowledge or understanding of technology.  I tend to put the shoe out and if fits, I hope people wear it, if it doesn't fit them, I would hope they have the common sense to not put it on.

Additionally, being in the industry for some time, I always find something new to learn daily.  I belief (and I would hope others do as well) that if you are not learning, your not doing your job.  So as much as you and I might find this to be old hat, if my request impacts one person, and it saves a few hundred thousand auto replies, IMHO, makes it worth mentioning

As an FYI....  many fo the virus notification we have received have been from the EDU sector . . . so, it would seem mentioning it here is not really preaching to the choir


>>> prussell at nd.edu 11/24/05 7:42 AM >>>
On 11/23/2005 23:34, Bill Martin wrote:
> As a result of these little buggers, and their spoofing of the sender, we 
 > receive thousands of notifications that mail to xxx failed to deliver...
 > or the mail you sent contains a virus.. etc...

We received a complaint yesterday from an individual who had received a virus
carrier message with a bogus sender address in our domain. The recipient's
mail server had performed sender verification, so the headers included the
results showing that the sender address did not exist. But we got the
complaint anyway.

> Is there really any point in this?  Think about it, replying to these is 
 > usually pointless.  The people that these bounce back to usually did not
 > send the initial the e-mail... sending notifications creates more work for
 > everyone and their SMTP gateways and mail systems, etc...
> So, I simply would like to ask if auto notifications are really needed?  
 > If not, please, PLEASE shut the blasted things off.... the solution is
 > creating almost as much of a problem as the problem itself IMHO . . .

Anyone with enough clue to be on this list probably has enough clue to have
already disabled virus alerts to almost-certainly-forged sender addresses.
In other words, you are preaching to the choir.

Paul Russell
Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list