Another thought on a similar issue is a way to prevent the remote
postmaster and sender notifications from bouncing when the sender's address
is forged. I see this more often with Declude Junkmail than Anti-Virus, but
it would help cut down the hundreds of messages a day that are bouncing back
as undeliverable to the postmaster account.

Jim Matuska Jr.
Nez Perce Tribe
Information Systems
[EMAIL PROTECTED]
----- Original Message -----
From: "Paul Ingram" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 25, 2002 7:27 AM
Subject: RE: [Declude.Virus] Another virus to skip notify


> Would the notification emails be something like this:
>
> SKIPIFVIRUSNAMEHAS Magistr
> SKIPIFVIRUSNAMEHAS Klez
> ONLYSENDIFREMOTESENDER
> From: postmaster@%LOCALHOST%
> To: postmaster@%SENDERHOST%
> Subject: Your mail server sent us a virus
>
> Or
>
> SKIPIFVIRUSNAMEHAS W32/Magistr.b@MM; W32/Klez.h@MM; W32/Hybris.worm.B
> ONLYSENDIFREMOTESENDER
> From: postmaster@%LOCALHOST%
> To: postmaster@%SENDERHOST%
> Subject: Your mail server sent us a virus
>
> Also would you need the whole name of the virus? I ask this because of
> the different variants, either of the virus itself or in the way the AV
> reports the name.
>
> Would this list be good? Or if someone has a better one, please post it.
> I have about 20 flaming emails from postmasters that say they are not
> infected. I would like to keep the email from going out to the wrong
> person.
>
> W32/Klez.h@MM
> W32/Klez.H@mm
> W32/Klez.gen@MM
> W32/Magistr.32768@mm
> W32/Magistr.b@MM
> W32/Magistr.28672@mm
> W32/Magistr.a@MM
> W32/Klez.E@mm
> W32/Klez.e@MM
> W32/Hybris.worm.B
> W32/Hybris.gen@MM
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
> Sent: Thursday, April 25, 2002 9:19 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Another virus to skip notify
>
>
> >Now I don't know which address (nmiller or mmiller) Declude sends its
> >"you sent a virus" message to. Maybe Scott can answer that, but if it is the
> >wrong address then sending that message to the sender could be skipped.
>
> Declude Virus sends to the return address (from the SMTP envelope), which
> in the case of Magistr is the altered address.  So skipping the sender
> notification (adding "SKIPIFVIRUSNAMEHAS Magistr" to the sender.eml file)
> would be a good idea.
>                                      -Scott
>
>
> ---
> [This E-mail scanned for viruses by Declude Virus/McAfee]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".  You can E-mail
> [EMAIL PROTECTED] for assistance.  You can visit our web
> site at http://www.declude.com .
>
>
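
On the quoted question of whether the whole virus name is needed: the following is an added example, not part of the original messages and not Declude code. It assumes SKIPIFVIRUSNAMEHAS is a substring test against the name the scanner reports (case sensitivity is unknown, so both are checked) and runs the short stems and the full names against the variant list posted above.

```python
# Added example, not Declude code. Assumption: SKIPIFVIRUSNAMEHAS suppresses a
# notification when its argument occurs as a substring of the reported virus name.

# Virus names exactly as listed in the thread.
REPORTED_NAMES = [
    "W32/Klez.h@MM", "W32/Klez.H@mm", "W32/Klez.gen@MM",
    "W32/Magistr.32768@mm", "W32/Magistr.b@MM", "W32/Magistr.28672@mm",
    "W32/Magistr.a@MM", "W32/Klez.E@mm", "W32/Klez.e@MM",
    "W32/Hybris.worm.B", "W32/Hybris.gen@MM",
]

SHORT_STEMS = ["Magistr", "Klez", "Hybris"]
FULL_NAMES = ["W32/Magistr.b@MM", "W32/Klez.h@MM", "W32/Hybris.worm.B"]


def is_skipped(virus_name, patterns, case_sensitive=True):
    """True if any pattern occurs in virus_name (assumed directive semantics)."""
    # An empty pattern is a substring of everything and would silence all
    # notifications, so blank entries are ignored.
    patterns = [p for p in patterns if p.strip()]
    if not case_sensitive:
        virus_name = virus_name.lower()
        patterns = [p.lower() for p in patterns]
    return any(p in virus_name for p in patterns)


def still_notified(names, patterns, case_sensitive=True):
    """Names that no pattern covers, i.e. a notification would still go out."""
    return [n for n in names if not is_skipped(n, patterns, case_sensitive)]


if __name__ == "__main__":
    total = len(REPORTED_NAMES)
    for label, patterns in (("stems", SHORT_STEMS), ("full names", FULL_NAMES)):
        for cs in (True, False):
            missed = still_notified(REPORTED_NAMES, patterns, cs)
            print(f"{label:10} case_sensitive={cs}: "
                  f"{len(missed)} of {total} names still trigger a notification")
            for name in missed:
                print("    ", name)
```

Under that assumption the short stems cover every variant in the list, while full names leave most variants uncovered whichever way case is handled.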

