Kee Hinckley wrote: > At 9:44 AM -0700 8/19/03, wirepair wrote: > >> heh anyone else seeing this or am i being targeted. Getting a lot of >> bounce backs saying i'm sending off virii which is impossible because >> i'm not infected. It also looks like i'm getting a ton from 'security >> peoples' email > > > Join the club. My account and lots of other accounts at somewhere.com > are getting innundated. I'm getting far more "you sent a virus" > warnings than the viruses themselves. Which is completely irresponsible > on the part of the anti-virus vendors. They know this virus forges the > from address, they shouldn't be sending mail to the from address. Never > mind the ones that send mail to postmaster of the domain as well as the > "user". The fact that most of these "helpful" messages read far more > like an advertisement for the anti-virus software than anything truly > helpful, makes me wonder whether the companies aren't deliberately > avoiding fixing this misfeature. What I found in my config (Amavis+(clamav&&trophie&&sophie) was that the virus signature files weren't up to date (auto-update once every 24 hours didn't quite do it this time). As a result, only the unsafe attachment rules got triggered until I manually updated my virus signatures. In my Amavis config (mostly default), the sender of a banned filename is notified, resulting in the embarrasing participation in a worm Joe Job. Once Amavis saw the emails as containing a virus/worm, it stopped notifying the sender. --Rich _________________________________________________________ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: rpuhekat_private _________________________________________________________ --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 13:51:40 PDT