Sobig getting tagged as spam not virus

Alan Fiebig mailscanner at ELKNET.NET
Fri Aug 22 02:58:20 IST 2003


I am very pleased that my site is not one of those spewing forth 'you computer may be infected with the Sobig.F virus' reports, all due to Julian's 'Silent Virus' feature. It works fine...

But, it would appear from the comments below, and also first hand observation, that a number of the Sobig emails are also getting caught by MS/SA as spam. These emails are generating 'you sent us spam' reports back to the sender, and of course that sender was forged by the virus.

I am getting complaints from some sites that my MS system is hammering them with rejection notices. Not 'virus infected' notices, but rather 'you sent spam' notices. They are treating me like an idiot "Don't you know Sobig fakes the senders address? STOP sending us these notices NOW!" kind of messages.

Being the receipient of many of these virus warnings from sites without a 'Silent Virus' feature, I can understand the frustration of those yelling at me.

Does anyone have a solution to this problem? Some means to recognize a spam as being sent by a silent virus, such as Sobig, and not in turn sending a spam rejection notice?

Thanks!
-Alan

>> >Mail with the Sobig.F message body is coming in with and without an
>> >attachment, therefore we get {SPAM?} or  {VIRUS?} tagged e-mail. The score
>> >for the spam messages is the same 5.9.

>>If a message contains a silent virus but also registers as spam, would it
>>be delivered? (ssems so in this case)
>



>The virus-infected messages and the spam messages are separate. They are
>all caused by the same thing, but don't expect all this mail to be
>virus-infected, it's not.
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list