nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: To send or not to send 'virus in email' notifications?

From: "Tomas Daniska" <tomas () tronet com>
Date: Wed, 20 Aug 2003 16:51:02 +0200


maybe the AV vendors could suply a 'to mail or not to mail' flag within
their databases, based on character of the virus...


any of them lurking here? :)

--

deejay 


-----Original Message-----
From: Matthew Kaufman [mailto:matthew () eeph com] 
Sent: 20. augusta 2003 16:41
To: 'Joe Maimon'; nanog () merit edu
Subject: RE: To send or not to send 'virus in email' notifications?



Absolutely not.

SoBig.F, like many others, forges the sender address. That 
means that your
notifications:
  1) Don't make it back to the person with the infection
  2) Simply add more clutter to the mailbox of the person 
whose address was
used (in addition to all the bounce messages)

In the enterprise, this is a great argument for scanning 
outbound email with
positive identification of whose outbound mail you're scanning.

Matthew Kaufman
matthew () eeph com 


-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On 
Behalf Of Joe Maimon
Sent: Wednesday, August 20, 2003 7:25 AM
To: nanog () merit edu
Subject: To send or not to send 'virus in email' notifications?



Considering the amount of email traffic generated by responding to 
forged  virus laden email from culprits like sobig should 

email virus 

scanning systems be configured to send notifications back to 
sender or not?
Previous By Date Next
Previous By Thread Next

Current thread: