ANNOUNCE: Version 3.20-1 released
T. Combs
COMBSTM at APPSTATE.EDU
Fri Jun 14 16:08:56 IST 2002
> > -- Added configuration option to list viruses that should be quietly
> > deleted without informing the sender or recipient. A good example is
> > the "Klez" worm
> Why would I want to do this??? Whey wouldn't I want to tell the
> sender/recipient that their mail had a virus??
The idea that every piece of email is generated by a valid user is no
longer a rule we can rely on. Normally this is true, but in the case of
virus generated email, I choose to drop the email completely without
notifying the sender or the receiver. We do this by looking at the virus
description, and then drop by the name of the virus so as not to confuse,
spam, or confuse users. By dropping the email, I can protect the users who
have had their documents (some of them sensitive) sent to people in their
addressbooks. Sometimes the From: envelope is not correct in virus
generated email, and would cause a bounced piece of email to go to the
wrong person.
In order to assist the users, we look at the headers of virus email
originated at our site and contact the user directly. Most of the time
they have no clue they are hosting a virus.
This process has been performed for over a year at our site with no complaints.
The complaints usually are asking why email was sent to them from someone
they don't know, with a message that a virus was removed.
--
Combstm at appstate.edu
Appalachian State University (828)262-6297
Information Technology Services FAX: (828)262-2236
More information about the MailScanner
mailing list