John, Here's what I send back to the IMail / Declude Postmasters.
---------------------------------------------------------------------------- --------- I function as the Postmaster for domain.com domain. An examination of our mail server logs indicates that the e-mail in question was NOT sent from our mail server. The [EMAIL PROTECTED] virus is a "Forging" Virus which selects the sender name from the address book of the infected machine. Due to this, most anti-virus systems are set to NOT send virus notification messages to the Forged Sender and Domain Postmaster. If you are truly concerned, examine the headers of the incoming e-mail to determine the IP address of the sending server and then use a web site such as www.samspade.org or www.dnsstuff.com to determine the actual source. In this case it was sent from an otherdomain.com user's infected system. It is also a well documented fact that erroneous notifications such as yours are putting large amount of unnecessary traffic on the internet and compounding the problems caused by this virus. Out recommendation is that you set your anti-virus software to not generate sender and sending postmaster e-mail for "Forging" Viruses. The most common "forging" viruses are: Bugbear, Fizzer, Klez, Magistr, Sobig (all versions), Palyh, Yaha, Lentin, Bridex, and MiMail. Additionally, since you are using IMail with Declude, you might want to check out the methods for doing this such as replacing the beginning content of your otherpostmaster.eml and sender.eml file with the following or even disabling them for the time being by renaming them: ONLYSENDIFREMOTESENDER SKIPIFVIRUSNAMEHAS Bugbear SKIPIFVIRUSNAMEHAS Fizzer SKIPIFVIRUSNAMEHAS Klez SKIPIFVIRUSNAMEHAS Magistr SKIPIFVIRUSNAMEHAS Vulnerability SKIPIFVIRUSNAMEHAS Sobig SKIPIFVIRUSNAMEHAS Outlook 'CR' vulnerability SKIPIFVIRUSNAMEHAS Palyh SKIPIFVIRUSNAMEHAS Yaha SKIPIFVIRUSNAMEHAS Lentin SKIPIFVIRUSNAMEHAS Bridex SKIPIFVIRUSNAMEHAS MiMail From: [EMAIL PROTECTED] You might also subscribe to the Declude Virus forum where this has been a major subject of discussion or check out the Forum Archives. To subscribe, send an E-mail to [EMAIL PROTECTED] with a body of "subscribe Declude.Virus Firstname Lastname". You will receive an E-mail that you will need to respond to in order to confirm your request. The archives can be found at http://www.mail-archive.com and the forum is declude.junkmail This notice is sent as a courtesy so that you have the option of correcting your virus notification configuration. If your mail server had a better virus protection configuration, it would have caused less work for our server and lessened the amount of unnecessary internet traffic. ------------------------------------------------------------------------ I don't know if it accomplishes anything (probably not), but I get some satisfaction out of it. George > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of John > Tolmachoff (Lists) > Sent: Thursday, August 21, 2003 2:51 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Fw: Your mail server sent us a virus > > > Why is it there are mail admins out there running Imail and > Declude that are > continuing to send out virus notices to forged addresses? > > I have seen 5 in the last 24 hours. > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of R. Scott Perry > > Sent: Thursday, August 21, 2003 11:15 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.Virus] Fw: Your mail server sent us a virus > > > > > > >There are only 2 .eml files that I'm using, recip.eml and > postermaster.eml. > > >There are no other .eml files in the declude directory. > > > > Ah, I think I know what the problem is. That notification > is coming from > > *another* mailserver running Declude Virus. > > > > -Scott > > --- > > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers. > > Declude Virus: Catches known viruses and is the leader in mailserver > > vulnerability detection. > > Find out what you have been missing: Ask for a free 30-day > evaluation. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.