Auto-responding virus

Rose, Bobby brose at MED.WAYNE.EDU
Thu Jan 17 18:40:33 GMT 2002


When I see such occurrences, I just blacklist the address in sendmail
for a few days.  Maybe the autoresponder can be like vacation where it
records that I've already sent a message to this person but the downside
to that is that you aren't nagging the person that they have a virus.
Typical user is one virus message = ignore ;-)  I prefer blacklisting
anyway because the mail system doesn't have to process the extra junk
which can still fill up queues and make sendmail and mailscanner work
harder when they don't need to.

-----Original Message-----
From: Steven Patterson [mailto:S.R.Patterson at SOTON.AC.UK] 
Sent: Thursday, January 17, 2002 1:08 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Auto-responding virus


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jules et al,

We've got a bit of a problem at the moment.  Local Postmaster is set to
"Serviceline at soton.ac.uk" (our "helpdesk" email address) in order that
virus warning emails go out with this address to which people can reply
and ask questions of our knowledgeable and friendly staff ;-)

The problem is that there seems to be some virus out there somewhere
which automatically replies to any email by mailing itself back to the
sender - and serviceline is getting flooded with (disinfected) auto
replies.

Now I'm guessing that these auto-responding viruses aren't too clever,
so my suggestion is that a configuration option is offered to allow the
setting of a reply-to address on the various warning messages.  Then we
can set the from to be a nice /dev/null account like "nobody" and set
the reply-to to be something a human being will read.  We can even
include text in the messages telling any real human out there that they
should reply to the reply-to address rather than the from address.

Alternatively, how about some sort of "complex header" option in the
config file which specifies whether the virus warning messages contain
only the body text or also some user-specified headers - so you could
write a sender-report.txt along the lines of:

From: E-Mail Virus Scanner <nobody at soton.ac.uk>
Reply-To: $Config::Local_Postmaster (or whatever it is)
Subject: Warning: E-Mail viruses were present in your message $subject
X-Mailscanner-Info: $report $host $qid (or whatever)

This is to warn you that your message...
(etc)

The first blank line being the separator between headers and body, as
per convention.

Just a thought, it's not a big issue.

Steve

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPEcS962fOiTs5+WvEQJ9qACg/gG0SMwhVEkGAAvek55ZfhgOtQkAnibO
i4Eh67npb1TMV9Oa+pHjobkr
=NJAl
-----END PGP SIGNATURE-----
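
The two ideas in this thread, combined in one added example (not code from either poster or from MailScanner): a vacation-style record that suppresses repeat warnings to the same sender, and a warning built with an unattended From address plus a human-read Reply-To. The class name, the three-day window and the example.org addresses are assumptions.

```python
import time
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

class WarningNotifier:  # hypothetical name, not a MailScanner class
    def __init__(self, from_addr, reply_to, window=3 * 86400):
        self.from_addr = from_addr      # unattended account, e.g. "nobody"
        self.reply_to = reply_to        # address a human reads
        self.window = window            # assumed suppression period (seconds)
        self._last_sent = {}            # sender address -> time of last warning

    def build_warning(self, sender, subject, report, now=None):
        """Return the warning as an EmailMessage, or None when suppressed."""
        now = time.time() if now is None else now
        addr = parseaddr(sender)[1].lower()
        if "@" not in addr:
            return None                 # no usable address to warn
        last = self._last_sent.get(addr)
        if last is not None and now - last < self.window:
            return None                 # already warned recently: break the loop
        self._last_sent[addr] = now

        # The original subject is untrusted input: collapse CR/LF and other
        # whitespace so it cannot add header lines to the warning.
        safe_subject = " ".join(subject.split())

        msg = EmailMessage()
        msg["From"] = formataddr(("E-Mail Virus Scanner", self.from_addr))
        msg["Reply-To"] = self.reply_to
        msg["To"] = addr
        msg["Subject"] = ("Warning: E-Mail viruses were present in your "
                          "message " + safe_subject)
        msg.set_content(
            "This is to warn you that your message contained a virus.\n"
            f"Questions go to {self.reply_to}, not to the From address.\n\n"
            + report + "\n")
        return msg

if __name__ == "__main__":
    # Constructed sample input: the second call is suppressed and prints None.
    n = WarningNotifier("nobody@example.org", "helpdesk@example.org")
    print(n.build_warning("user@example.com", "Hi\r\nBcc: x@example.net",
                          "constructed report"))
    print(n.build_warning("user@example.com", "Hi again", "constructed report"))
```
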


