[unisog] Auto AV Notification ( was Re: New virus)
ken.connelly at uni.edu
Thu Nov 24 23:55:03 GMT 2005
Bill Martin wrote:
>As an FYI.... many fo the virus notification we have received have been from the EDU sector . . . so, it would seem mentioning it here is not really preaching to the choir
The majority seen here used to come from the K-12 area. For a long
time, when I received such a message, I would send this:
> All current worms and viruses, including the one you mention here,
> spread by using forged From: addresses. This is done to confuse both
> end-users and brain-dead software such as is the case here.
> You can avoid contributing to the problems associated with viruses if you
> would turn off the feature in your software that sends these meaningless
to the abuse and/or postmaster accounts at the domain. I don't get so
many from K-12 any more, so maybe it worked??
Somebody, maybe the University of Texas (utexas.edu)?, runs something
that disects the headers of viral/worm mail and notifies the domain
admin of the source network. I've never received multiple notifications
for the same infected host, so they must be keeping track of which
source addresses have had notifications sent. I don't know any more
details, but it seems to be an accurate and worthwhile effort. Kudos!
More information about the unisog