On Tue, 2004-08-03 at 14:30, Tom Kistner wrote:
> This is not a good idea (standard $USERS are only unneccesarily roused
> by such messages, and 99% of current malware traffic has fake senders).
Or to look at it another way....
A few years ago you got an infected file from a user which was attached
to a legitimate message from them (the file attachment might well have
been legit, but the file itself was infected). In this case sending the
scrubbed remnants to the recipient made sense.
In 2004 viruses don't work like that. They send out messages by the
score without the owner of the infected machine being involved at all.
99.9% of them fake the sender address, so you can only track the sender
by rooting through the headers (and thats often a best guess). There
will never be anything useful in those messages (unless the virus
happens to send out additional random documents off the infected
machine). Theres no point telling the recipient about them - they
simply won't care and will just either ignore them or pester the
helpdesk about them.
Nigel.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]