[Mimedefang] Virus notifications
Joseph Brennan
brennan at columbia.edu
Tue Aug 26 09:39:00 EDT 2003
Thanks to Mimedefang, we did not allow any Sobig viruses through
our mail servers, in or out. We have seen over 600,000 attempts
to send us Sobig per day. That's more than our normal total
volume in the summer.
The major unsolved problem now are the allegedly helpful notices
telling our users various lies: that they sent the virus, that
our mail server sent a virus and needs better virus protection.
All based of course on the virus putting a columbia.edu address
as the sender. These cause users great distress since so many
assume their PC is infected or their "email account" is infected,
and the remarks about our server harm our reputation on campus.
And the clutter is really annoying: I had 70 of them overnight.
So now we want to reject the stupid notices. Not all are proper
bounces From:<> either-- many are newly generated messages. It
seems like doing open INPUTMSG would be expensive and I am
trying to figure how to do it as little as possible and get a
good payoff. No answer yet. I'm wondering if others have a
magic bullet that gets many of these. Maybe enough are From:<>
that it's worth checking those. I still have to look.
I wonder how we can stress to antivirus software makers that
notifying senders is a very very bad idea, at least for certain
well known viruses.
Joseph Brennan Columbia University in the City of New York
Academic Technologies Group brennan at columbia.edu
More information about the MIMEDefang
mailing list