anomy-list

Re: Bounce on Attachment Type

From: Noel Clarkson (99884@xyz.molar.is)
Date: Fri 07 Nov 2003 - 02:01:28 GMT

  • Next message: Systems Administrator: "Re: Bounce on Attachment Type"

    Hi Barrie,

    my advice would be to resist the urge to send anything back to the email
    address that the virus came from. I know that it seems like a good idea
    to warn people that they might have a virus, but almost all of the newer
    viruses that are propegating these days have spoofed addresses. Some of
    these are made up addresses that won't go anywhere and might bounce back
    to you (so you have to deal with them), some of them go to the sys admin
    of the domain used and they have to deal with them (which wastes their
    time). Others end up with a person who is not infected but was in the
    address book (or their email appeared on a cached web page etc) of the
    person who is infected, and the person who isn't infected panicks
    unnecessarily. The most insidious of them have addresses picked by the
    virus writer of a domain that they don't like for some reason and so
    that domain then gets swamped with this sort of automatic message reply
    for messages they never sent (and it also doesn't do their reputation
    any good as far as all those who don't realise that the domain in
    question had nothing to do with it). So for the (very) few cases in
    which you might help someone realise they have a virus, you'll problaby
    send thousands of warnings that will cause more harm than good.

    As someone who's had to deal with some of the cases mentioned above,
    please resist the temptation to do what on the surface seems to be a
    kind guesture.

    cheers,

    noel

    B. van Burk wrote:
    > Hi Marvin, I was thinking the same thing today: it's really a bad idea.
    >
    > I'm now thinking of
    > - allways dropping the entire message if it contains : .pif .ocx etc (with
    > a note to syslog)
    > - virus check attachments (.exe .com .doc etc) and drop attachment if it
    > contains a virus, and then bounce back to the (probably faked) original
    > sender, with a note attached clearly explaining why he/she recieves this
    > message.
    >
    > thanks for responding,
    > Barrie
    >
    >
    >
    >>I wouldn't do this - in case of a virus the "from" address would most
    >>likely be spoofed - thus you'd be bouncing email back to somebody who
    >>didn't send it. And if you bounce the entire email back (including
    >>attachments) to a server that does the same thing you're trying to do,
    >>you'll end up with email bouncing back and forth. Or worse, if you
    >>bounce the email back to someone who didn't send it in the first place,
    >>you're just spreading the virus further. :-\
    >>
    >>If you're trying to simply send a text email such as "sorry, this server
    >>does not accept certain types of attachments" back then this would
    >>probably be more acceptable and I am sure it can be done, although I
    >>don't know how.
    >>
    >>B. van Burk wrote:
    >>
    >>
    >>>I'd like to bounce email (back to the sender 5.7.1) based upon attachment
    >>>type. (.pif .dll .vbs) etc. Is this possible (to implement)?
    >>>
    >>>Kind regards,
    >>>Barrie
    >>>
    >>
    >
    >



    hosted by molar.is