14 Sep 2004 rossigee   » (Journeyer)

Why do people set up virus filters to report back to virus senders when most of the time the virus has forged the sender address?

It usually just means they end up mailbombing innocent bystanders and mailing lists with false 'virus notification' e-mails. For some lesser-technical people, this can cause them to panicky and paranoid that their (otherwise perfectly healthy) PC is infected and waste time and money getting re-assurance from techies that nothing is wrong.

So, help spread the word. If you, or someone you know is running anti-virus filtering software on your mailserver make sure the virus notifications are disabled. If you receive a virus notification to one of your e-mail addresses or via a list you are subscribed to, write back to the virus filter's e-mail alias (CC the 'postmaster@' too!) and tell them to cut it out and maybe point them at this diary entry or somewhere else that explains the pain.

The world could really use a VirusCop service (similar to SpamCop). Forward your virii to it, it will scan the headers, identify the source by IP (not by sender address, doh!) and contact the ISP. Only the ISP are going to know enough about the originating IP address to be able to do anything useful with regard to letting the user know they have been infected and/or getting them disconnected until it's resolved. A VirusCop RBL would also be useful.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!