Hi Barrie,
my advice would be to resist the urge to send anything back to the email
address that the virus came from. I know that it seems like a good idea
to warn people that they might have a virus, but almost all of the newer
viruses that are propegating these days have spoofed addresses. Some of
these are made up addresses that won't go anywhere and might bounce back
to you (so you have to deal with them), some of them go to the sys admin
of the domain used and they have to deal with them (which wastes their
time). Others end up with a person who is not infected but was in the
address book (or their email appeared on a cached web page etc) of the
person who is infected, and the person who isn't infected panicks
unnecessarily. The most insidious of them have addresses picked by the
virus writer of a domain that they don't like for some reason and so
that domain then gets swamped with this sort of automatic message reply
for messages they never sent (and it also doesn't do their reputation
any good as far as all those who don't realise that the domain in
question had nothing to do with it). So for the (very) few cases in
which you might help someone realise they have a virus, you'll problaby
send thousands of warnings that will cause more harm than good.
As someone who's had to deal with some of the cases mentioned above,
please resist the temptation to do what on the surface seems to be a
kind guesture.
cheers,
noel
B. van Burk wrote:
> Hi Marvin, I was thinking the same thing today: it's really a bad idea.
>
> I'm now thinking of
> - allways dropping the entire message if it contains : .pif .ocx etc (with
> a note to syslog)
> - virus check attachments (.exe .com .doc etc) and drop attachment if it
> contains a virus, and then bounce back to the (probably faked) original
> sender, with a note attached clearly explaining why he/she recieves this
> message.
>
> thanks for responding,
> Barrie
>
>
>
>>I wouldn't do this - in case of a virus the "from" address would most
>>likely be spoofed - thus you'd be bouncing email back to somebody who
>>didn't send it. And if you bounce the entire email back (including
>>attachments) to a server that does the same thing you're trying to do,
>>you'll end up with email bouncing back and forth. Or worse, if you
>>bounce the email back to someone who didn't send it in the first place,
>>you're just spreading the virus further. :-\
>>
>>If you're trying to simply send a text email such as "sorry, this server
>>does not accept certain types of attachments" back then this would
>>probably be more acceptable and I am sure it can be done, although I
>>don't know how.
>>
>>B. van Burk wrote:
>>
>>
>>>I'd like to bounce email (back to the sender 5.7.1) based upon attachment
>>>type. (.pif .dll .vbs) etc. Is this possible (to implement)?
>>>
>>>Kind regards,
>>>Barrie
>>>
>>
>
>