Re: [Declude.Virus] JS/IFromot.A

[Matt]

>From noon yesterday through about midnight this morning, we received over 400 of these bounced to our postmaster account as undeliverable.  They were very high in volume due to the dictionary type of address propagation.  I blocked it before it was treated as forging, but I am very, very close to turning off the recip.eml totally as it doesn't seem to have any value unless there are macro viruses infecting documents.  Seems that the only issues with false positives have been vulnerabilities and occasionally banned extensions. I wonder if there is a good way to set a ONLYSENDIFVIRUSNAMEHAS (v1.77) that will match macro viruses in the names most commonly used???  Or better yet, I wonder if there is a list somewhere of classifications that are used in naming conventions by F-Prot, AVG and McAfee, for instance this one started with "JS/", and I would imagine that all JS/ viruses don't need notifications. Ok, back to hibernation for me :) Matt John Tolmachoff (Lists) wrote: I received one of those as well (from a different domain) and explained thanking for the information and to remember that it takes time to fully understand what a virus does/spread, and this one appears to be a slow spreader, as I have only seen 5 today so far. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox Sent: Tuesday, September 07, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] JS/IFromot.A Us as well...had a rather unfriendly postmaster at ml.org send us a nastygram saying we were now blocked from sending to him. We sent a friendly reply back, but I don't know if he'll receive it. Scott, got any idea when this will make it to the forging list? Based on this I'm considering not sending any virus notifications at all. I certainly agree in sentiment with the guy at ml.org that notifications should not be sent for forging viruses, just not with the unprofessional way that he handled it. There certainly seems to be a growing lack of cooperation from some mail admins due to the escalation in spam and virus content over the past couple of years... Darin. ----- Original Message ----- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 07, 2004 5:22 PM Subject: RE: [Declude.Virus] JS/IFromot.A I have received a report of this today as using a forged sender. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Markus Gufler Sent: Monday, September 06, 2004 10:42 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] JS/IFromot.A I can see some few appearances of JS/IFromot.A. Looks like this are spam messages containing suspicious code and the sender-adress is forged. So if other people is also seeing IFromot, maybe it should be added to the forged-list. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================