Re: [Declude.Virus] Correct me if I am wrong
You can use recip.eml to send a note that says "you were sent a virus", but none of the the current active viruses and only about half of the older ones have a valid sender. So, sending "an unknown person", who is claiming to be somebody else, is infected and knows your e-mail address is worse than useless. It generates questions and confusion. In our business (a newspaper) we have lots of different people sending us info, that we need. For example a school coach sending scores and stats from a game. While we try to have them sent "plain text", we still recieve a lot of info in Word, Excel, etc. IF (and it's getting rare) a Word Macro virus or signature virus like KAK is found, then sending both sender and reciever a notice, allows the users to know about the problem and work out a solution. I identify about 20 virus families as forging, then if check at the top of recip, sender and sender Postmaster for a forged sender. Also Scott recently added an automated way to block these and not have to update the configs with every new pest manually. (We can get you syntax and examples, if needed) Greg Goran Jovanovic wrote: If a virus in an attachment is detected then the whole message will be held and the recip.eml notification will be sent out. Is there a way to allow the e-mail to go through to the user with a notification that the attachment was stripped? --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Correct me if I am wrong
Another example of why that idea is bad is demonstrated by one of McAfee's mail server virus engines. I have seen messages forwarded my way that say our email server detected a virus you sent, please see attachment for details. The problem is the virus is a forging one the mail server sent the notification to the wrong recipient and to actually see the information on the virus you have to open the attachment which has the same name as the original virus but with an .htm extension added on ie virusfile.pif.html. Initially the message looks like a virus that somehow made it past all the scanners, but the attachment is actually a html file from McAfee Antivirus saying it has removed the original attachment. This is a fine example of why A. You should not send out notifications for forging viruses and B. Don't send notifications that look just like the original virus. Jim Matuska Jr.Computer Tech IICCNANez Perce TribeInformation Systems[EMAIL PROTECTED] - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 5:09 PM Subject: RE: [Declude.Virus] Correct me if I am wrong 99.99% of virus infected e-mails are bogus anyways, so why would you want to let it through? Oh, the answer to your question is no. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran JovanovicSent: Wednesday, May 19, 2004 2:58 PMTo: [EMAIL PROTECTED]Subject: [Declude.Virus] Correct me if I am wrong I believe this is correct. If a virus in an attachment is detected then the whole message will be held and the recip.eml notification will be sent out. Is there a way to allow the e-mail to go through to the user with a notification that the attachment was stripped? Goran Jovanovic The LAN Shoppe image001.gif
RE: [Declude.Virus] Correct me if I am wrong
99.99% of virus infected e-mails are bogus anyways, so why would you want to let it through? Oh, the answer to your question is no. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Wednesday, May 19, 2004 2:58 PM To: [EMAIL PROTECTED] Subject: [Declude.Virus] Correct me if I am wrong I believe this is correct. If a virus in an attachment is detected then the whole message will be held and the recip.eml notification will be sent out. Is there a way to allow the e-mail to go through to the user with a notification that the attachment was stripped? Goran Jovanovic The LAN Shoppe image001.gif