Yes, that is what I have been doing on some. But I do have other work to do too.
Of course, if everyone had their configuration correct...

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of George Kulman
> Sent: Thursday, August 21, 2003 12:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.Virus] Fw: Your mail server sent us a virus
>
> John,
>
> Here's what I send back to the IMail / Declude Postmasters.
>
> ------------------------------------------------------------------------
>
> I function as the Postmaster for domain.com domain.
>
> An examination of our mail server logs indicates that the e-mail in question
> was NOT sent from our mail server.
>
> The [EMAIL PROTECTED] virus is a "Forging" Virus which selects the sender name from
> the address book of the infected machine. Due to this, most anti-virus
> systems are set to NOT send virus notification messages to the Forged Sender
> and Domain Postmaster. If you are truly concerned, examine the headers of
> the incoming e-mail to determine the IP address of the sending server and
> then use a web site such as www.samspade.org or www.dnsstuff.com to
> determine the actual source. In this case it was sent from an
> otherdomain.com user's infected system.
>
> It is also a well documented fact that erroneous notifications such as yours
> are putting a large amount of unnecessary traffic on the internet and
> compounding the problems caused by this virus.
>
> Our recommendation is that you set your anti-virus software to not generate
> sender and sending postmaster e-mail for "Forging" Viruses. The most common
> "forging" viruses are: Bugbear, Fizzer, Klez, Magistr, Sobig (all versions),
> Palyh, Yaha, Lentin, Bridex, and MiMail.
>
> Additionally, since you are using IMail with Declude, you might want to
> check out the methods for doing this such as replacing the beginning content
> of your otherpostmaster.eml and sender.eml file with the following or even
> disabling them for the time being by renaming them:
>
> ONLYSENDIFREMOTESENDER
> SKIPIFVIRUSNAMEHAS Bugbear
> SKIPIFVIRUSNAMEHAS Fizzer
> SKIPIFVIRUSNAMEHAS Klez
> SKIPIFVIRUSNAMEHAS Magistr
> SKIPIFVIRUSNAMEHAS Vulnerability
> SKIPIFVIRUSNAMEHAS Sobig
> SKIPIFVIRUSNAMEHAS Outlook 'CR' vulnerability
> SKIPIFVIRUSNAMEHAS Palyh
> SKIPIFVIRUSNAMEHAS Yaha
> SKIPIFVIRUSNAMEHAS Lentin
> SKIPIFVIRUSNAMEHAS Bridex
> SKIPIFVIRUSNAMEHAS MiMail
> From: [EMAIL PROTECTED]
>
> You might also subscribe to the Declude Virus forum where this has been a
> major subject of discussion or check out the Forum Archives. To subscribe,
> send an E-mail to [EMAIL PROTECTED] with a body of "subscribe
> Declude.Virus Firstname Lastname". You will receive an E-mail that you will
> need to respond to in order to confirm your request. The archives can be
> found at http://www.mail-archive.com and the forum is declude.junkmail
>
> This notice is sent as a courtesy so that you have the option of correcting
> your virus notification configuration.
>
> If your mail server had a better virus protection configuration, it would
> have caused less work for our server and lessened the amount of unnecessary
> internet traffic.
>
> ------------------------------------------------------------------------
>
> I don't know if it accomplishes anything (probably not), but I get some
> satisfaction out of it.
>
> George
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of John
> > Tolmachoff (Lists)
> > Sent: Thursday, August 21, 2003 2:51 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.Virus] Fw: Your mail server sent us a virus
> >
> > Why is it there are mail admins out there running Imail and Declude
> > that are continuing to send out virus notices to forged addresses?
> >
> > I have seen 5 in the last 24 hours.
> >
> > John Tolmachoff MCSE CSSA
> > Engineer/Consultant
> > eServices For You
> > www.eservicesforyou.com
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> > > [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> > > Sent: Thursday, August 21, 2003 11:15 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [Declude.Virus] Fw: Your mail server sent us a virus
> > >
> > > >There are only 2 .eml files that I'm using, recip.eml and postermaster.eml.
> > > >There are no other .eml files in the declude directory.
> > >
> > > Ah, I think I know what the problem is. That notification is coming from
> > > *another* mailserver running Declude Virus.
> > >
> > > -Scott
> > > ---
> > > Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> > > Declude Virus: Catches known viruses and is the leader in mailserver
> > > vulnerability detection.
> > > Find out what you have been missing: Ask for a free 30-day evaluation.
> > >
> > > ---
> > > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
> > >
> > > ---
> > > This E-mail came from the Declude.Virus mailing list. To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > type "unsubscribe Declude.Virus". The archives can be found
> > > at http://www.mail-archive.com.
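
Added example, not part of the original thread and not Declude's own code: a Python sketch of the two checks discussed above, reading the sending server's IP from the Received line written by your own MX instead of trusting From:, and suppressing sender notices for forging virus families. The host names, addresses and sample message are constructed, and the case-insensitive substring match is an assumption about how the SKIPIFVIRUSNAMEHAS lines behave.

```python
import email
import ipaddress
import re

# Forging families listed in the thread; substring match is an assumption.
FORGING = ("Bugbear", "Fizzer", "Klez", "Magistr", "Sobig", "Palyh",
           "Yaha", "Lentin", "Bridex", "MiMail")

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from pc17.otherdomain.example (pc17.otherdomain.example [198.51.100.23])
\tby mx.ourhost.example with SMTP id A1; Thu, 21 Aug 2003 12:01:07 -0400
Received: from mail.domain.example ([203.0.113.9])
\tby pc17.otherdomain.example; Thu, 21 Aug 2003 12:01:01 -0400
From: someone@domain.example
To: user@ourhost.example
Subject: Re: Details

see attachment
"""

def connecting_ip(raw, our_mx):
    """Return the peer IP recorded by our own MX, or None.

    Only the Received line written by a server we run is trustworthy;
    every line below it, like From:, was supplied by the sending side.
    """
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())              # unfold continuation lines
        by = re.search(r"\bby (\S+)", hop)
        if not by or by.group(1).rstrip(";").lower() != our_mx.lower():
            continue
        ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", hop)
        try:
            return str(ipaddress.ip_address(ip.group(1))) if ip else None
        except ValueError:
            return None
    return None

def notify_sender(virus_name):
    """False when the detected name belongs to a forging family."""
    name = virus_name.lower()
    return not any(family.lower() in name for family in FORGING)
```

In the sample, From: names domain.example, but the hop recorded by mx.ourhost.example shows the message arrived from 198.51.100.23 at otherdomain.example, which is the address to look up.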
