Sobig.F@mm.enc

[Antony Stone]

On Sunday 07 September 2003 1:17 am, Rose, Bobby wrote:

> I thought that MS had been written in the early 4.xx version to blcok
> anything encoded in the headers

I'm not sure what you mean by this - "block anything encoded in the headers"?

> so I'm thing that maybe it's gbeen broken due to
> all the new content checking options that's been added.
>
> Now I don't know if it's the virus or the AV software that someone is
> using but the message is from a postmaster at xxx.xxx.xx and is a rejection
> message saying that the message you sent was infected.  So it's either a
> virus generated message or a real bounce message where the original
> message was sent back with the virus.  It don't know if there are AV
> products out there that send the whole oringal message back if reject
> which sounds kind of dumb.

You're right - there are some very dumb mail systems out there - no need to
blame the AV products - they just say "this is a virus" - it's the mail
system which decides what to do with the email the virus was found in.

Sensible ones check if the virus was of the type that forges sender addresses
and keep quiet if it is.

Slightly stupid ones bounce messages back saying "you just sent us a virus"
to people who didn't.

Really dumb and dangerous ones bounce messages back saying "you just sent us
a virus and here it is back again" to people who didn't send it in the first
place (but at least they've got it now...)

Antony.

--

Software development can be quick, high-quality, or low-cost.

The customer gets to pick any two out of three.