If your user is the sender, get you butt dwon there and clean it up! Your also going to have to ask some tough questions as your AV software should have stopped it. I do admit it happens, it has happened here, but every time we have to review why it happened and what needs to be done to prevent that in the future. That has included VERY string warnings to employees to not attempt to defeat the AV system. (They still do, they still get 'educated')
Also, that is fairly easy to check. Just look for virus content on your OUTGOING queue. That protects your company for embarassment without the risk of embarassment from looking like your stupid when you send your infected messages to the wrong people. As for "What going to happen when p*rn spammers start sending messages to users as [EMAIL PROTECTED]", where have you been. They have been spoofing for more than two years! Yes, it is a problem with e-mail, but that is not an excuse to punnish the innocent. Dan is doing the responsible thing, he recognised that Klez and other viruses like it lie. SO he only responds to those that he has a resonable chance at contacting the real sender of the virus. As I said in my last post, no one would argue that method. I believe it should be able to be automated. I also believe it is the responsibility of the AV scanners that offer autoreply to implimnet something to suppress the messages when they would go to the incorrect person. All they have to do is tag the identities as falsefrom viruses. Then there is the possibility of controling what gets a autoresponse and what does not. I do not know about the others on the list, but I imagine that the writes of the current viruses are rolling on the floor laughing at all the finger pointing and false accusations a few infections can cause. Michael -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 12:27 PM To: Exchange Discussions Here's the problem with not performing sender notifications: What if your user is the sender? Don't say it doesn't happen. It does, and sometimes that's the best way for you to know it happened. <SNIP> Roger -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Dan Bartley [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 12:03 PM > To: Exchange Discussions > Subject: RE: Virus Notifications to Sender? > > > We don't send sender notifications. It is bad Netiquette in the > current Trojan environment. It is bad for email lists, it is bad for > IT departments and it is bad for individual users. > > However, we do look at the recipient and administrative notifications. > If it is klez, sobig, etc. we pretty much ignore it. If it is > something else we look at the headers and see if we can trace it. If > we can, we send a notification. > > A little extra work for us, but we are not causing extra work for > others by doing it this way. That is where the above "bad Netiquette" > comment comes from. > > Best Regards, > > Dan Bartley > > -----Original Message----- > From: Christopher Hummert [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 11:56 > To: Exchange Discussions > > A simple change in the notification could solve this problem. > You could say "your system might possibly be infected with a virus" or > something along those line. But the problem of spoofing your trying to > get across is more of a problem with e-mail in general then with > anti-virus software. What going to happen when p*rn spammers start > sending messages to users as [EMAIL PROTECTED] > <SNIP> _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
