Sober

Interested, but I see many Sober postings and outages on other lists and not
here...has anyone been having issues? I know the ISPs are fighting the
living out of the virus.

-Dennis

* Dennis Dayman:

Interested, but I see many Sober postings and outages on other lists
and not here...has anyone been having issues? I know the ISPs are
fighting the living out of the virus.

As far as I know, mainly webmail providers were affected, and their
issues are traditionally not discussed on this list.

I've been seeing a few really large bursts into our mailserver. Not sure if it's a new variant or a reoccurrence of an old strain. I put in a good number of new port 25 inbound blocks for infected systems and attempted to put up a few checks inside of our front end mail servers rather than in the virus and spam filtering (which happens later for us, so for bad surges we put a few custom rules up front early in postfix).

Isn't anything we can't handle at this point but it was pretty ugly for a while there.

Only stuff we're seeing is a lot of blowback from dumb mail systems that accept email, THEN scan for viruses, and ultimately decide to send a note back to the From: address in the body of the infected email. Since the From: is invariably forged, the uninvolved owner of those forged email addresses gets hammered.

Can people building virus scanning devices PLEASE GET A %^&*^ CLUE? This means you, Barracuda Networks, more than anyone else, but we also see this annoyance from Symantec devices, and from some AOL systems as well.

Blasting a note back does two things:

1. It allows the worm or virus author an opportunity to implement an amplified attack on a third party using your filtering systems.

2. The bounce messages mostly include an advertisement for the filtering box's vendor. Get a clue... this is a REALLY negative advertisement for your spam & virus filtering technology. If you can't manage to realize the virus laden email should perhaps be dropped, then it makes your box look poorly designed.

Oh, and please delete the infected file rather than sending that along too.

OK, off my soapbox.

Dan

Hear, hear!!!! Roughly 50 percent of the Sober messages I have been getting
hammered with are the basic "sorry we could not deliver your virus message,
so here it is" - intact....

viruses in general don't bother backbone folks? besides, don't use outlook
and you don't get infected?

viruses in general don't bother backbone folks?

we like them because we charge by the byte. we just
looove all those microsoft victims running up their
transport bills. :)

randy

Why would anyone not trolling for viruses use MS mail products, Chris?

Joseph S D Yao wrote:

Interested, but I see many Sober postings and outages on other lists and not
here...has anyone been having issues? I know the ISPs are fighting the
living out of the virus.

viruses in general don't bother backbone folks? besides, don't use outlook
and you don't get infected?

Why would anyone not trolling for viruses use MS mail products, Chris?

Because they are "forced" or "told" to by their MIS department? Sometimes the blind do lead the blind...and the blind follow (who's leading?) :)

It's also worth pointing out that MS mail products generally include a lot more functionality than just email. Calendaring and workflow are in high demand. Give MIS departments a better product and they will use it.

-Jim P.

ya know... I never thought of it that way :)

What makes MS products so wonderful is they include much more
functionality than many other products.

What makes MS products so horrible is that they add functionality
by making users' systems vulnerable to security threats under
the guise of helpfulness (e.g., VB scripting, auto preview in
Outlook).

We too saw a large surge in e-mail bounces hitting our site.
Our IronPort e-mail gateways are configured to drop virus-laden
and undeliverable messages rather than bounce them to
the victimized "from" sender.

Why Fortune-500 e-mail administrators cannot figure out this
one is confounding. How about a nice article in WSJ, Fortune,
or Forbes which lists the companies with misconfigured systems
so investors are informed as to the IT infrastructure of their
investments?

"If you're not part of the solution, you're part of the problem."

matthew black
california state university, long beach

The worst offenders that I see -

MailMarshal
eSafe
Symantec devices, as you say

Comparatively little from Barracudas.

And some large carriers / ISPs who send bounces / virus notifications
back with (for example) notexist@[isp] as the return path instead of
MAIL FROM:<>
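
The complaints in this thread (virus notices sent to forged senders, notices that return the infected file, and notices sent with a non-null return path) can be measured on the receiving side. The following is an added example, not code from any poster or vendor named above; the hint phrases, file extensions, addresses and sample messages are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic phrases and extensions are assumptions for this example.
NOTICE_HINTS = ("virus", "infected", "undeliverable", "could not deliver")
RISKY_EXT = (".zip", ".exe", ".pif", ".scr", ".com", ".bat")

def triage(envelope_from, raw):
    """Classify one inbound message from its SMTP envelope sender and raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    notice = (msg.get_content_type() == "multipart/report"
              or any(h in subject or h in text for h in NOTICE_HINTS))
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    return {
        "notice": notice,
        # A notification should carry the null reverse-path, MAIL FROM:<>.
        "null_return_path": envelope_from.strip() in ("", "<>"),
        # True when the notice hands the suspect attachment to the bystander.
        "returns_payload": any(n.lower().endswith(RISKY_EXT) for n in names),
    }

def _sample(subject, text, attach=None):
    """Build a constructed test message; all addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "scanner@filter.example"
    m["To"] = "bystander@victim.example"
    m["Subject"] = subject
    m.set_content(text)
    if attach:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attach)
    return m.as_bytes()

SAMPLES = [  # (envelope sender, raw message), all constructed
    ("<>", _sample("Undeliverable mail", "We could not deliver it.", "message.zip")),
    ("notexist@isp.example", _sample("Virus found in your message", "Blocked.")),
    ("alice@corp.example", _sample("Lunch", "Noon on Friday?")),
]

if __name__ == "__main__":
    for sender, raw in SAMPLES:
        print(sender, triage(sender, raw))
```

Counting the `notice` results per sending host gives a list of the systems generating the blowback and which of the two faults each one has.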