[Mimedefang] Re: Notifying virus recipients

Jeremy Mates jmates at sial.org
Fri May 16 11:21:02 EDT 2003


* Adrian Chadd <adrian at creative.net.au>
> The boss would like the sender to be notified that they've sent
> something which we've intercepted and modified. The boss would also
> like the recipient to be notified that the sender sent them something
> which looked like a virus.

Instead of per-recipient notifications-- potentially troublesome when
10,000 viruses arrive in the night, resulting in 10,000+ notifications--
consider a database that lists what was blocked plus any relevant
message details (to, from, subject, etc).  Then, the recipient could get
a periodic summary email, and have other means (cli tools, website) to
check on the details, which would show something like "10,000 blocked
from big at boss.com yesterday."

Sender notifications are trickier, as others have pointed out.  The
following fake sender information; I discard these, and ideally should
attempt to notify the network contact (if any!) for the sending IP...

/(?i)klez|bugbear|nimda|hybris|yaha|braid|sobig|fizzer/
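Added example (not part of the original post, and not MIMEDefang code): a sketch of the blocked-mail database and periodic per-recipient summary suggested above, using the quoted pattern to decide when a sender notice is pointless. The SQLite schema, function names, and all sample addresses, virus names and IPs are assumptions constructed for illustration.

```python
import re
import sqlite3
from collections import Counter

# Pattern quoted in the post: viruses that fake sender information.
FORGING = re.compile(r"(?i)klez|bugbear|nimda|hybris|yaha|braid|sobig|fizzer")

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS blocked (
        ts TEXT NOT NULL, rcpt TEXT NOT NULL, sender TEXT NOT NULL,
        subject TEXT, virus TEXT NOT NULL, relay_ip TEXT)""")
    return db

def record_block(db, ts, rcpt, sender, subject, virus, relay_ip):
    """Log one blocked message; return True if a sender notice makes sense."""
    # sender and subject are attacker-controlled: bind as parameters, never format into SQL.
    db.execute("INSERT INTO blocked VALUES (?,?,?,?,?,?)",
               (ts, rcpt, sender, subject, virus, relay_ip))
    db.commit()
    return FORGING.search(virus) is None  # forged sender: discard the notice

def daily_digest(db, day):
    """Return {rcpt: [(sender, virus, count), ...]} for day 'YYYY-MM-DD'."""
    rows = db.execute(
        """SELECT rcpt, sender, virus, COUNT(*) FROM blocked
           WHERE substr(ts, 1, 10) = ? GROUP BY rcpt, sender, virus
           ORDER BY rcpt, COUNT(*) DESC, sender""", (day,))
    digest = {}
    for rcpt, sender, virus, n in rows:
        digest.setdefault(rcpt, []).append((sender, virus, n))
    return digest

def render(rcpt, entries, day):
    """One summary mail body per recipient instead of one mail per virus."""
    lines = [f"Blocked mail for {rcpt} on {day}:"]
    lines += [f"  {n} blocked from {sender} ({virus})" for sender, virus, n in entries]
    return "\n".join(lines)

def forged_relays(db, day):
    """Relay IPs (with counts) that delivered sender-forging viruses on a day."""
    rows = db.execute(
        "SELECT relay_ip, virus FROM blocked WHERE substr(ts, 1, 10) = ?", (day,))
    return Counter(ip for ip, virus in rows if FORGING.search(virus)).most_common()

if __name__ == "__main__":
    db = open_db()  # constructed sample record below
    record_block(db, "2003-05-15T02:10:00", "alice@example.com",
                 "big@example.org", "Re: hi", "W32/Klez.H@mm", "192.0.2.10")
    print(render("alice@example.com", daily_digest(db, "2003-05-15")["alice@example.com"], "2003-05-15"))
```

The list returned by `forged_relays` is the input for looking up a network contact per sending IP; that lookup is left out here.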


