Re: [Exim] W32.Swen@MM

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] W32.Swen@MM
On Sat, 20 Sep 2003, Giuliano Gavazzi wrote:

> At 0:54 +0100 2003/09/20, Alan J. Flavell wrote:
> [...]
> >But aside from that, our sender blacklist is collecting a whole new
> >crop of senders of bogus virus alerts who aren't missing it, but who
> >are taking wholly inappropriate action as a consequence. They get
> >added to the Sobig/F crop...
>
> do you mean that you take the senders from virus emails, etc.?


Certainly not!

What I'm blacklisting are the envelope-sender addresses inserted by
anti-virus software when composing antivirus reports (which they then
send to the counterfeited sender address, e.g. me).

Addresses of the form Mailsweeper@???, antivirus@???,
NAVMSE-whatever@???, and so on.

The ones who really _earn_ their blacklisting are those which have
correctly identified the virus by name, i.e. could be expected to know
that it's one of the viruses that counterfeits the sender address, but
STILL send bogus alerts to this innocent party.