Re: Warning: you may be using a chronically stupid virus scanner [Was: WARNING: YOU MAY HAVE SENT A VIRUS to firstname.lastname@example.org]
On Fri, 6 Jun 2003 07:26, Steve Langasek wrote:
> > The E-mail containing the virus has been quarantined on our mail
> > server and was not delivered to prevent possible infection.
> Good for you!
That wasn't particularly smart, the Email_Support@iNET-Systems.net address
doesn't work anyway (quite common for such things).
I have attached a little Perl script I wrote to deal with such things, it
sends messages informing the loser-admins about their misconfigured servers
and uses their own email address in the From: field. This is both a
demonstration of why the From: field should not be trusted and a protection
Please edit the script to insert your own name and email address in the body
of the messages before use.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
my @addr = split("@", $ARGV);
my $host = primary($addr);
my $postmaster = "postmaster@" . $addr;
($smtp = Net::SMTP->new($host))
or die "Can't connect to mail server.\n";
or die "Server doesn't like from address $ARGV.\n";
or die "Server doesn't like to address $ARGV.\n";
or die "Server doesn't like cc address $postmaster.\n";
($smtp->data()) or die "error in start data.\n";
$smtp->datasend("From: " . $ARGV . "\n");
$smtp->datasend("To: " . $ARGV . "\n");
$smtp->datasend("Cc: " . $postmaster . "\n");
$smtp->datasend("Subject: Your mail server is broken\n");
"A correctly configured mail server will not send out virus reports to the\n"
."address listed in the From: field as the viruses send out email with fake\n"
."From: addresses. This means that a broken mail server such as yours\n"
."which sends such messages just annoys innocent people while not helping\n"
$smtp->datasend("I sent this message with your address in the From field because I have received\n");
$smtp->datasend("more than enough anti-virus messages from you already.\n");
$smtp->datasend('email@example.com' . "\n");
($smtp->dataend()) or die "error in end.\n";
($smtp->quit()) or die "error in quit.\n";
my $res = new Net::DNS::Resolver;
if(not @mx = mx($res, @_))
print "no mx records\n";
$query = $res->send(@_) or die "no A records";
my $primary = $mx;
foreach $rr (@mx)
if($rr->preference < $primary->preference)
$primary = $rr;
$query = $res->search($primary->exchange) or die "Can't lookup A record.\n";
foreach $rr ($query->answer)
next unless $rr->type eq "A";