Continuing Adventures in the Land of Software Morons


I'm not seeing so much of the Sobig.F worm. What I am seeing, however, is dozens and dozens of reports generated by virus scanners written by morons.

Most every email worm transmits itself using forged sender information. If a virus scanner catches the message and tries to mail back a report, it almost certainly is going to hit the mailbox of an innocent victim, not the true sender. When you combine a particularly virulent worm (like Sobig.F) and a particularly well-distributed email address (like mine) you end up with a mailbox full of useless moronware reports.

For the record, the ideal way to handle this is to scan the email during SMTP delivery, and don't accept the message until the scan completes. That way you don't ever have to generate a bounce message.

For poorly designed software that does not run at delivery time, the next best thing is to discard the contaminated message and generate a report to the recipient, letting them know of the action.

Could everybody out there please check the configuration of your virus scaner and disable sending bounce notices? I thank you, and my "D" key thanks you.


Comments have been closed for this entry.

re: Continuing Adventures in the Land of Software Morons

Your side of the server may not be seeing copies of sobig.f, but the other side sure as hell is :-(

I now have about 30 procmail entries in what I call rc.autoresponders. Phooey!


re: Continuing Adventures in the Land of Software Morons

I know, I know, you can write a bot... have a contest with the virus scanners to see who's got the most bandwidth and can spew the most frass.