Re: [Exim] MyDoom filtering?

On Tue, 27 Jan 2004, Rossz Vamos-Wentworth wrote:

> When I recieved the first one yesterday (disguised as a bounce message),
> I immediately thought "VIRUS!"

Once we knew what the damned thing was, it was trivial to keep the
actual virus out.

But who will defend us from the absolute *storm* of misguided attempts
to notify us that "we" (more correctly, someone else masquerading
as us) have been sending out viruses? WE HAVE NOT.

It would be great if we could all get together and thoroughly
blacklist any site that's still playing this illogical game of sending
virus notification (complete with an accurate identification of the
virus, in most cases!!!) to the counterfeited address found in the
envelope sender, when the virus in question is _known_ to counterfeit
the sender (most of them do nowadays, anyway).

It's useless trying to block the senders of this shrapnel at one site
at a time; sending them polite notes is also futile, as I've found out
(they typically say it's a feature of their anti-virus vendor and tell
us they don't propose to take any action to abate the nuisance): it
would need a concerted and resolute blocking action to make them see
the folly of their misbehaviour.

(That having been said, however, a noticeable proportion of the
nuisance items arriving here today have been non-delivery reports from
AOL trying to report non-existent addressees. They don't seem to have
noticed that they're dealing with a virus yet. Unfortunately a
substantial proportion of the faked sender addresses were genuine,
even though the addressees were dud.)

Sigh.