[unisog] Auto AV Notification ( was Re: New virus)

Ken Connelly ken.connelly at uni.edu
Thu Nov 24 23:55:03 GMT 2005

Bill Martin wrote:

>As an FYI....  many fo the virus notification we have received have been from the EDU sector . . . so, it would seem mentioning it here is not really preaching to the choir
The majority seen here used to come from the K-12 area.  For a long 
time, when I received such a message, I would send this:

> All current worms and viruses, including the one you mention here,
> spread by using forged From: addresses.  This is done to confuse both
> end-users and brain-dead software such as is the case here.
> You can avoid contributing to the problems associated with viruses if you
> would turn off the feature in your software that sends these meaningless
> messages.

to the abuse and/or postmaster accounts at the domain.  I don't get so 
many from K-12 any more, so maybe it worked??

Somebody, maybe the University of Texas (utexas.edu)?, runs something 
that disects the headers of viral/worm mail and notifies the domain 
admin of the source network.  I've never received multiple notifications 
for the same infected host, so they must be keeping track of which 
source addresses have had notifications sent.  I don't know any more 
details, but it seems to be an accurate and worthwhile effort.  Kudos!

- ken

More information about the unisog mailing list