Here, Here! I totally agree. Even when I created Anti-Virus software the Default for Sender Notification is always OFF:
1. It is very possible that the message is not from the sender as the sender address is often faked by a virus 2. It could be a warning or false positive, for example password encrypted ZIPs that cannot be scanned 3. It could turn out to be internal and you would be announcing something that you would like to deal with intra-company to your business contacts Mark -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 1:44 PM To: Exchange Discussions Subject: RE: Virus Notifications to Sender? If our user is the sender then all the e-mails will still have the wrong Sender address, we'd still be sending notifications to a bunch of people that didn't send any viruses, and it's still a bad idea. In fact it's a worse idea for internal infections because then everyone would get bombarded with both viruses and virus warnings. In our case, I do get notified when viruses are blocked, and the notifications contain the complete headers of the blocked messages, so we can keep an eye on things and act accordingly. -Peter -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 9:27 To: Exchange Discussions Subject: RE: Virus Notifications to Sender? Here's the problem with not performing sender notifications: What if your user is the sender? Don't say it doesn't happen. It does, and sometimes that's the best way for you to know it happened. Roger -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Dan Bartley [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 12:03 PM > To: Exchange Discussions > Subject: RE: Virus Notifications to Sender? > > > We don't send sender notifications. It is bad Netiquette in > the current Trojan environment. It is bad for email lists, it > is bad for IT departments and it is bad for individual users. > > However, we do look at the recipient and administrative > notifications. If it is klez, sobig, etc. we pretty much > ignore it. If it is something else we look at the headers and > see if we can trace it. If we can, we send a notification. > > A little extra work for us, but we are not causing extra work > for others by doing it this way. That is where the above "bad > Netiquette" comment comes from. > > Best Regards, > > Dan Bartley > > -----Original Message----- > From: Christopher Hummert [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 11:56 > To: Exchange Discussions > > A simple change in the notification could solve this problem. > You could say "your system might possibly be infected with a > virus" or something along those line. But the problem of > spoofing your trying to get across is more of a problem with > e-mail in general then with anti-virus software. What going > to happen when p*rn spammers start sending messages to users > as [EMAIL PROTECTED] > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Harmer, Michael > Sent: Tuesday, June 10, 2003 8:49 AM > To: Exchange Discussions > Subject: RE: Virus Notifications to Sender? > > > Ah, but "Don't send me viruses and I won't send you those > notifications in the first place." is the flaw. They did not > send you the virus. They mearly were member of some > distribution list, had their e-mail on a web site, or > corrisponded with the person that was actually infected. > Unfortunatly, in your desire to 'assist' those that have no > technical ability(A noble cause), you send many messages to > people who have done you no wrong. 99 out of 100 times your > sending someone a message that indicates that they are > infected. This causes any responsible person to panic, scan > their system, and find nothing. In the end this has as much > or more 'cost' as most of the viruses put together. There is > nothing wrong with sending the message if you are 99% sure > the from or reply address is correct, but otherwise, your > risking offending people and causing increases in costs for > other companies and individuals. > > Here are a couple of possible situations that currently can happen. > 1 : The CEO of your company is the member of a Senior > Executive group and they have a mailing list. Someone who is > infected visits the web site for the group, which has the > posting e-mail list on it. You receive a infected message to > someone inside your network. Your system replys with the > 'Your Infected' e-mail. Your CEO gets a copy. He has his > favorite computer savvy family member check his computer. The > family member says that the computer is fine and that the > message was incorrect. The CEO is displeased at the wasted > time trying to fix a unknown problem. You get a memo the next > day, one that I doubt would be plesant. 2 : Assume that your > company values corprate relations. Some random person is > infected with one of these spoofing viruses. They had visited > the web site for a company that your company values in the > corprate relationship sense. Note that the value could be any > number of things. The other companies web site had a sales or > management e-mail address for contacting them. This random > person sends to you the virus with the other companies list > address. You will be sending a message that WILL cause the > other company expense and frustration. That WILL damage > relationships with that company. Will it break them, probibly > not, but you can not say with 100% certainty that it will not. > > Yes, the other company could have had a virus of the > non-spoofing kind, but your job is to protect your computers > first, and I assume you have done that or this conversation > would not be happening. So it costs you nothing if they send > you a virus short of the continued maintence costs for the > software. Which you will have to spend anyway as there will > always be > 0 viruses in the wild. Responding that they have > a virus in the case of a non-spoofing virus is fine, few > would argue that it is not fair. However, the problem is that > now the viruses are lieing about where they came from, so the > increadbly simple rules of the past are no longer just or > safe for our carears. What we need to do is get the mail > monitor product vendors to get some smarts and add the > ability to suppress mail back in the case of a spoofing > virus. That way you could continue to crusade to end viruses > and not risk anything. Untill then, I disagree with punishing > innocent people and letting the criminal go free. > > --------------------------------------------- > Michael > --------------------------------------------- > > > -----Original Message----- > From: Christopher Hummert [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 10, 2003 11:14 AM > To: Exchange Discussions > > For us the 1% just happened to be one of our employees > mother. She was receiving those "what was that strange > message you sent?" for at least 3 months from people. It > wasn't until she sent a message here, got one of our virus > notifications and then eventually asked me about it, that the > problem got cleared up. This was some 70ish year old woman > that uses her computer for e-mail, small time web surfing, > the occasional online banking session, and the perfect target > for virus writers. > > For me it's more then worth it if you can help one person > from sending viruses to the rest of us. If I get accused of > being a spammer for sending those notifications, then so be > it. Don't send me viruses and I won't send you those > notifications in the first place. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Harmer, Michael > Sent: Tuesday, June 10, 2003 6:32 AM > To: Exchange Discussions > Subject: RE: Virus Notifications to Sender? > > > First, let me say that I understand what your saying if you > are saying that you are concerned about the 1% and wish to > help make the internet a better place by assisting them to > control viruses on their computers. > > Now for my POV > The one percent are basically causing the hardliners to spam > the rest of us. Because most of the virus mail you receive is > spoofed, leaving on the warning send back is the same as > spamming. Basically you will be accusing someone of having a > virus that they do not have, generating bad will between your > company and the one you just spammed. I am speaking from > person experience. One company late last week, sent us 5 > e-mails indicating that we were infected with the active > virus at that time. We were not infected, but because we are > good admins, we sat down and verified that we were not > infected, wasting our time. We knew the virus lied about the > FROM address, but we checked anyway just to be safe. We then > called the offending party(The company that spammed us). They > told us we were infected and we deserved to get the message. > Needless to say, we informed them what the virus does, and > they said they could do nothing about the messages as they > wanted to stop others from spreading infection. BTW, did I > mention that their e-mail said that we wasted their time > because we did not have a e-mail scanner on our systems? > Needless to say, I will probably never do business with that > ISP. They proved that they did not care about corporate > relations, proper etiquette or virus control in general. > > The other problem with this is that the hardliners are > propagating a 99% false positive system. If my AV system was > that bad, I would get a new one. Heck my spam system does > better that 3% false positive. What is worse is that the > false positives are going to people who did not 'sign up' in > the first place.(Hence the spam title) > > Basically, to me, this comes down to a matter of fairness. If > the hardliners believe it is ok to call 100 people 'jerks' > just because one of them has a foul mouth, go right ahead, > but they will find it hard to make friends. If on the other > hand, they instead pay attention to what your receiving and > respond only where you have proof of 'jerkiness', they will > have no problem making friends and they will make the > community much happier. (No one likes a jerk) > > Michael > --------------------------------------------- > > > -----Original Message----- > From: Christopher Hummert [mailto:[EMAIL PROTECTED] > Sent: Monday, June 09, 2003 11:54 AM > To: Exchange Discussions > > Yea but what about that 1% that has no clue their sending out > viruses? <SNIP> > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
