Viruses

Most viruses that replicate themselves through e-mail forge the _from:_ field of their messages. Usually they take a random address, or pick one from your address book or web cache. Therefore, a virus that appears to come from jeroen@example.com rarely really originates from this address.
I can imagine that some users don’t know this, and when they receive a virus from me they send me a reply with a warning that I have a virus. Usually I explain the story above to these people and tell them — of course after checking that my anti-virus software is up-to-date — that I don’t have a virus. No problem for me.
What I don’t understand is that some people who are responsible for really big mail servers also don’t understand that viruses forge headers, and have their servers configured in such a way that they reply to me. Of course they have the right to block a message with a virus to protect their customers. But please don’t bother me with these messages. I can assure you that I am not the one sending these messages; just check the mail headers and you will see that they originate from a completely different server.
This morning somebody who apparently had visited my site caught a virus and started sending out the virus in my name. Luckily for him, his provider scans all incoming SMTP mail and intercepted all messages. Instead of simply not accepting these messages, they had configured procmail to send a warning to the address mentioned in the from-field (me) including the virus!!!!! As a result, my inbox is flooded with viruses from this server (mail.infosys.tuwien.ac.at).
Once again, none of my computers is infected with a virus.
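
The header check mentioned above can be automated. The following Python sketch is an added example, not part of the original post: it reads the `Received:` header written by the scanning server itself and compares the host that handed over the message with the domain in the from-field. The sample message, the host names (`mail.scanner.example`, `dsl-host.isp.example`) and the Postfix-style header layout are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the original message as quoted inside a virus bounce.
# Hosts and IPs use reserved example/documentation ranges.
SAMPLE = """\
Received: from dsl-host.isp.example (dsl-host.isp.example [198.51.100.23])
\tby mail.scanner.example (Postfix) with ESMTP id 4F2A1
\tfor <victim@scanner.example>; Mon, 1 Mar 2004 08:12:44 +0100
Received: from example.com (unknown [203.0.113.9])
\tby dsl-host.isp.example with SMTP; Mon, 1 Mar 2004 08:12:40 +0100
From: jeroen@example.com
To: victim@scanner.example
Subject: Re: your document

(attachment removed)
"""

# "from <helo> (<reverse-dns> [<ip>]) by <receiving host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f:.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return the parsed message and its Received hops, newest first."""
    msg = message_from_string(raw)
    chain = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            chain.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return msg, chain

def check_sender(raw, trusted_mta):
    """Compare the from-field domain with the host that connected to trusted_mta."""
    msg, chain = hops(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the header written by the trusted server counts; every header
    # below it was supplied by the sending side and may be forged.
    hop = next((h for h in chain if h["by"].lower() == trusted_mta), None)
    if hop is None:
        return {"from_domain": domain, "handoff": None, "matches": None}
    host = hop["rdns"].lower()
    matches = host == domain or host.endswith("." + domain)
    return {"from_domain": domain, "handoff": (hop["rdns"], hop["ip"]),
            "matches": matches}

if __name__ == "__main__":
    print(check_sender(SAMPLE, "mail.scanner.example"))
```

A mismatch on its own does not prove forgery, since legitimate mail is often relayed through a provider, but the connecting host is the only party the scanning server has actually seen, so any notice belongs there (or in an SMTP rejection) rather than at the from-field address.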

4 thoughts on “Viruses”

  1. At this moment I am still receiving these messages. Some of them are of the above-described type: “We did not deliver your message because it is infected with a virus”, and the bounce includes the original message (clearly not sent by me) with the virus.
    Other messages I receive are bounces because the destination address does not exist. These messages also contain the virus, but because they haven’t been checked for viruses, the blocking server cannot be blamed.
