Thomas Cameron wrote:
Yes and no. Normally what I do if a host is streaming out many viruses to my server, and its ip address is in a US based range owned by an isp I recognize, i'll usually call their ISP and tell them that one of their customers is infected, and it would be nice to let them know before they are RBL'd (not talking about res dynamic accounts, rbl's handle that.) 9 times out of 10, the stream of viruses stop. I won't report them for spam, because often enough, it's a SOHO that has one computer infected. Things happen (they shouldn't if everyone was a perfect admin, but we're human) and often times, there is no administrator on site to handle the normal biz of systems admin. I don't use SA for virus scanning -- it is not for that, I use clamav mostly for that purpose, and has worked well for me for quite some time. SA isn't as efficient as clamav is at detecting viruses (amount of memory/cpu.) Like you said, right tool, right job. There is the matter of virus notifications -- these are spam. I don't want to hear if someone spoofed my address, and sent you a bazillion emails with a virus attached -- not my problem. Check my SPF records, that sender is not in the allowed list to send mails from. These I do report.Howdy -I recently responded to a thread on a local LUG mailing list where a guy wanted to report a virus as spam. I have always thought that using a spam tool to fight viruses was wrong, and I said so. He asked why, and basically my response was "use the right tool for the job," as in use a virus tool for viruses, and use a spam tool for spam. What is the "conventional wisdom" on this list? Should viruses be reported as spam? If so, why? If not, why not? Thanks! Thomas
-- Thanks, JamesDR
smime.p7s
Description: S/MIME Cryptographic Signature
