Anti-Viral Spam

wasting more bandwidth... it's another form of spam and only confuses the average jane that much more...

I agree! These messages have outlived their usefulness. Since most of these viruses ar programmed to use addresses it finds on infected computers, there is no point to the message because it rarely gets to the person who is infected.

We have the symantec corporate edition and it is a life saver. Not only does it protect our email gateway, but it also protects each computer. The notification option is off on this network. The reason is simple. Most of the infected files we get are from spammers. Now, I won't deny that we occassionally did notify someone legit and help them out by telling them they were infected. However, at what point does it become more of a hinderance by making outbreak traffic worse? How many people must benefit?

Since only about 10 people a year were getting benefitted from it out of thousands of viruses that we find, I shut it off. That may be cold hearted, but I just don't think it was helping that much.

My father-in-law, who is computer challenged, called me last night because he received a virus auto-response email - I checked his system out which was fine. One could argue that even if one computer is fixed, that it's worth it but if you add up his worry and my time, multiplied by thousands of people, the cost is too high. If these same ISPs would take the time to prepare good educational programs for their new users, it would be time and money better spent.

I was (and still am) receiving these auto-generated notices at a rate that is out numbering the virus emails about 3 to 1

I don't mind these so much as the nasty ones from clueless users saying I sent them a virus:p

How long before a virus will be spoofing a message saying the user is infected only to "download this patch to fix the problem"? I swear people just don't use their heads when they come up with this stuff. Simple way is have an ISP automatically suspend a user's internet account when they are sending out infected stuff.

I think I have had maybe three direct infected messages. The other 30 or so have been bounces to warn me of either undeliverable or infected.

Glad I have MailWasher and a non-M$ mail reader. Another ad for the problems of a mono-culture.

Being I work in a abuse department of a ISP, I can say without a doubt these are the most useless bandwidth wasting things ever made.

The good ones are the ones that actually read the headers and send a email to the Arin contact listed for the IP address (abuse@ISP in most cases). These are much more effective as you are actually pointing the finger to the correct party and not some random email the virus used.

Simple solution would be to send the auto-generated reply to postmaster@domain and then its done. Hopefully each company has a person looking at the postmaster address anyway.

Sending an AV notice is just as unsolicited as Czech Women Want You or ads offering to make your package bigger.

It will open a bunch of hoaxes. Hi Joe/Jane.

Your computer has a virus. Please format your hard drive and reinstall your OS and after that put your head in between your legs and kiss you butt goodbye.

said by rizmaster:

---

Simple solution would be to send the auto-generated reply to postmaster@domain and then its done. Hopefully each company has a person looking at the postmaster address anyway.

---

As someone who's personal domain was spoofed I can tell you what a bad idea that is. A few hundred a day of those can pretty much make someone's personal email unusable.

mady

said by dardin:

---

Being I work in a abuse department of a ISP, I can say without a doubt these are the most useless bandwidth wasting things ever made.

---

Having also worked in ISP support, I'll second that! They are useless. They waste bandwidth and time.

It wastes time because the customer will call, freaking out because they got the message that they "have a virus". Then you have to explain the whole concept of spoofing to each of them, and convince them that they really don't have the virus. Multiply that time be the number of customers that you have. (grrr!)

agreed, auto virus notices are a complete waste, and the fact that ANY modern mail server virus scanner uses it is insanely stupid. I generally firewall on sight any isp that sends me virus notices, on the theory that they are too clueless to accept traffic from.

said by Nightfall:

---

We have the symantec corporate edition and it is a life saver. Not only does it protect our email gateway, but it also protects each computer. The notification option is off on this network. The reason is simple. Most of the infected files we get are from spammers. Now, I won't deny that we occassionally did notify someone legit and help them out by telling them they were infected. However, at what point does it become more of a hinderance by making outbreak traffic worse? How many people must benefit?

Since only about 10 people a year were getting benefitted from it out of thousands of viruses that we find, I shut it off. That may be cold hearted, but I just don't think it was helping that much.

---

Amen! I get about 1500 mydooms a day in my quarentine folder. I also send out about 1500 "Youve been infected messages:p"

I think the message has outlived its usefulness, but at the same time, Im kinda relectant to turn it off "just because".

Old habits truly do die hard.

In total, I've only gotten 7 MyDooms in my yahoo inbox, all landing in the Bulk folder. None in Hotmail, none in OOL boxes.

How else would you know that you're being spoofed?

Actually, such bounces have been found to actually increase the amount of spam received at your address. So they are not only annoying and misleading, but self-disserving too.

I have gotten close to 1,000 spurious e-mails as a result of the latest worm, about 90% of them advisories that e-mail I supposedly sent had a virus, and 10% the actual virus.

Of course I never had the virus, and one of my e-mail addresses was spoofed.

I even had an email where the To: field was spoofed!

Have a customer here at the office that thinks he is infected because he got the auto-respond message. The worse thing is that the tech that took the call dispatched it without even explaining to the customer what the e-mail really means.

Kinda new at this, and I agree that these messages are worthless. So I am trying to turn this "feature" off. We run Symantec Corporate Edition on a content filter machine, but our mail server is running Sendmail with Mailscanner and F-PROT.

I don't see a way to disable the option in either program, can anyone point me in the right direction?

woot.

Ok I spent a few more hours on it... There's an option in mailscanner.cfg to send the message back... Yes? or No? I chose No, let's see what that does.