The worst part was about two weeks ago when the first big slug of infected "outgoing" messages hit. I was scrambling trying to disinfect the sender's computers before realizing the FROM: address was being faked.
Since then we implemented the SKIPIFVIRUSNAMEHAS feature on the notifications we normally send to the sender and intended recipients of an infected message. We also changed relay from using the sender's name to IP address (all our senders are at fixed locations). The Email admins set up Outlook rules to route the KLEZ notifications to a special folder and just keep an eye out for any outgoing (none so far, thanks to Declude).

The steps above cut out the two main problems we were having:

1) Mail server having to process a bunch of infected mail as far as the virus trap
2) Calls from concerned users about floods of "someone tried to send you a virus" or "you tried to send a virus" messages.

Good luck,
-Bill

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kenneth Bird
Sent: Thursday, May 16, 2002 12:37 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] klez

Is anyone else being driven to insanity by klez? We are catching the virus, but that doesn't stop everyone else on different ISPs thinking we are sending them because of the spoofed from address. blblblbl

Ken Bird

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
