you must be THIS TALL to touch the mailer

I've now reached the point where something like 80% of the spam I get is from "Norton Antivirus For Microsoft Exchange" letting me know that "A VIRUS WAS DETECTED IN A MESSAGE YOU DIDN'T ACTUALLY SEND."

Apparently if you are aware that the From: field can be, and often is, forged, you are overqualified to write antivirus software.


9 Responses:

  1. sw00p says:

    that's an optional setting (configurable through the dinky httpd that NAV for Exchange is configured by). i turned it off on our servers a few weeks ago when sobig.x etc started to get heavy. that was a useful feature for quite a while, although given how clueless these lusers are i doubt they'd know what to do once they'd read the "you are infected, you twit" message anyways ...

  2. bdu says:

    Yes, that's about all I'm getting from sobig right now, since I bounce anything coming from any of the IP addresses that have sent me the attachments.

  3. build says:

    The worst part is one can't mark it as spam for Apple Mail's Bayesian voodoo, which has otherwise been shielding me from the onslaught.

  4. injector says:

    I get the added benefit of being "postmaster" for a few domains, and several thousand users. The Declude (Declued?) antivirus software for Exchange likes to notify me every time it gets a message with a From: header bearing my domains. The default message also has some obnoxious comment about if I was scanning my e-mail for viruses it would have prevented my user from becoming infected and saving extra work. While I do in fact run a scanner that actually checks the message during the DATA portion of the transaction and returns an error to the connected client. No fuss.

    Sorry, just a bit on edge, thanks for letting me vent, I'm all better now.

  5. jon says:

    No kidding. You're not the first to point out the obvious:

  6. edm says:

    I've been fighting a (losing) battle with anti-virus scanners run by idiots through procmail rules. Every time I think I've filtered almost all of them out, another idiotic reporting format turns up.

    The ones that send the entire message back, including the infected attachment, might be incredibly stupid but fortunately they're really easy to filter.

    I'm not actually seeing many Norton Antivirus reports any longer (filtered early on) -- the ones that are really bugging me at present are the Network Associates Webshield ones. As far as I can tell their reports are nearly content free, apart from boldly mentioning the product name of course. Which makes it hard to find good, safe, patterns to filter on.

    Every time you think you've made something foolproof the universe invents a better idiot. Shame so many of them have to work in the anti-virus field.

    The one ray of light is that I (helped) persuade one of the largest ISPs in New Zealand (hint: I'm from New Zealand) to turn off the "advise sender" bit in their anti-virus scanner.

    But I'm just not sure there's enough clue to go around.