[Mimedefang] Dropping e-mails generated by the Sobig Virus

Michael Sofka sofkam at rpi.edu
Fri Aug 22 12:28:01 EDT 2003


On Friday 22 August 2003 01:50, Jakub Wasielewski wrote:

> I  had the same confusion, I thought that action_bounce produces sepa­
> rate e-mail notifying sender. Now I  know  action_bounce  is  *execly*
> what I was looking for.
>
> RB> So yes, action_bounce is much better.  I've already changed my fiilter.
>
> And so did I, thanks to Ole Craig :)

No, action action_discard is what you want, at least while Sobig.f
is in the wild.  We've been using action_bounce, and are now
contemplating a switch to _discard, at least until things settle down.
(Likely using a table to decide the action based on virus type).

The problem with action_discard vis-a-vis Sobig.f, is that Sobig.f
is often uses which then generate a delivery error in respose
to the action_bounce.  I've personally received hundreds of
these in the past few days.

With the ratio 48,000 Sobig.f to 300 all other viruses, the
more usual correct action is to discard.  (Besides, I doubt
Sobig.f is checking the discard message, and even if it were,
I would not tell the machine owner about it.)

Mike

-- 
Michael D. Sofka              sofkam at rpi.edu
C&CT Sr. Systems Programmer    Email, TeX, epistemology.
Rensselaer Polytechnic Institute, Troy, NY.  http://www.rpi.edu/~sofkam/




More information about the MIMEDefang mailing list