Viruses

Most viruses that replicate themselves through e-mail forge the from: field of their messages. Usually they take a random address, or pick one from your address book or web cache. Therefore, a virus appearing to come from jeroen@example.com, rarely really originates from this address.

I can image that some users don’t know this, and when they receive a virus from me they send me a reply with a warning that I have a virus.

Usually I explain these people the story above and tell them, of course after checking that my anti-virus software is up-to-date, that I don’t have a virus. No problem for me.

What I don’t understand is that some people who are responsible for really big mail servers also don’t understand that viruses forge headers, and have their servers configured in such a way that they reply to me.

Of course they have the right to block a message with a virus to protect their customers. But please don’t bother me with these messages. I can assure you that I am not the one sending these messages; just check the mail headers and you will see that they originate from a completely different server.

This morning somebody who apparently had visited my site cached a virus and started sending out the virus in my name. Luckily for him, his provider scans all incoming SMTP mail and intercepted all messages.

Instead of simply not accepting these messages, they had configured procmail to send a warning to the address mentioned in the from-field (me) including the virus!!!!!

As a result, my inbox is flooded with viruses from this server (mail.infosys.tuwien.ac.at).

Once again, none of my computers is infected with a virus.

Jeroen Sangers @jeroensangers