Peter Hoopes wrote:
> Any ideas on how we would let our users know they
attempted to send out a
> document with a virus, both so they know they need to
clean and so they
> know the message didn't get through?
The kind of virus you're describing hasn't been seen in
the wild for 5
or 6 years. Modern viruses--worms, technically--don't
attach themselves
to legitimate email. They generate their /own/ email and
send
themselves out using their own built-in SMTP engine, or
(more recently)
the victim's mail server (smarthost).
Maia can only detect the mail that gets sent out through the
victim's
mail server, of course, but that's beside the point--the
victim didn't
"send" the mail in this case, so there's not
much benefit to notifying
him that his email address was forged. The infection, after
all, may
not even be on the victim's machine--it could be on a
co-worker's
machine, where the worm mined the co-worker's address book
to get a list
of email addresses to use in its forged headers. When Maia
receives the
outbound mail ostensibly from the victim, then, the
notification to the
"sender" would go to the victim (who's likely
to be extremely confused,
since his machine is not infected), and meanwhile the
co-worker with the
infected machine is not alerted to the problem.
In short, virus notifications are no longer the good idea
they used to
be, thanks to the way malware has evolved over the years.
Today, such
notifications only promote confusion, panic, and hostility
on the part
of people who've grown tired of seeing these
"nuisance" notifications.
Some SpamAssassin rulesets from SARE even include rules
designed to
detect such notification emails and penalize them,
considering them
spam, while some DNSBLs maintain blacklists of sites that
issue such
"backscatter".
--
Robert LeBlanc <rjl renaissoft.com>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamail
guard.com/>
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|