Re: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5 MR1a
On Sat, 28 Jun 2003 22:21, Dan Rasmussen wrote:
> On Sat, Jun 28, 2003 at 12:14:38PM +0000, email@example.com wrote:
> > An E-mail from <firstname.lastname@example.org> to <RvdOever@baan.nl>
> > with subject Re: Application has been intercepted. The virus
> > W32/Sobig.c@MM in attachment your_details.zip has been detected.
> Quick question, why do I always receive emails like this? It seems that
> if the virus has been intercepted, there is no need for me to know about
> it... is this advertising for their antivirus scanner, or something
> designed to make virus authors all proud when they do a search and their
> virus comes up in mailing list archives and they can see how far their
> work spread?
The people running the virus-scanners are idiots.
I've attached a little script I use to deal with such things. If you use it
then please edit it to put your name and email address in the body.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
#!/usr/bin/perl
use Net::SMTP;
use Net::DNS;

# Usage: pass the address that sent the virus report as the only argument.
my @addr = split("@", $ARGV[0]);
my $host = primary($addr[1]);
my $postmaster = "postmaster@" . $addr[1];

my $smtp;
($smtp = Net::SMTP->new($host))
  or die "Can't connect to mail server.\n";
($smtp->mail($ARGV[0]))
  or die "Server doesn't like from address $ARGV[0].\n";
($smtp->to($ARGV[0]))
  or die "Server doesn't like to address $ARGV[0].\n";
($smtp->to($postmaster))
  or die "Server doesn't like cc address $postmaster.\n";
($smtp->data()) or die "error in start data.\n";
$smtp->datasend("From: " . $ARGV[0] . "\n");
$smtp->datasend("To: " . $ARGV[0] . "\n");
$smtp->datasend("Cc: " . $postmaster . "\n");
$smtp->datasend("Subject: Your mail server is broken\n");
$smtp->datasend("\n");  # blank line separates the headers from the body
$smtp->datasend(
  "A correctly configured mail server will not send out virus reports to the\n"
  ."address listed in the From: field as the viruses send out email with fake\n"
  ."From: addresses. This means that a broken mail server such as yours\n"
  ."which sends such messages just annoys innocent people while not helping\n");
$smtp->datasend("I sent this message with your address in the From field because I have received\n");
$smtp->datasend("more than enough anti-virus messages from you already.\n");
$smtp->datasend('USER@DOMAIN.com' . "\n");
($smtp->dataend()) or die "error in end.\n";
($smtp->quit()) or die "error in quit.\n";

# Return the address of the lowest-preference (primary) MX for a domain.
sub primary
{
  my $res = new Net::DNS::Resolver;
  my ($query, $rr, @mx);
  if(not @mx = mx($res, @_))
  {
    print "no mx records\n";
    $query = $res->send(@_) or die "no A records";
    return $_[0];  # assumed fallback: no MX, so use the host itself
  }
  my $primary = $mx[0];
  foreach $rr (@mx)
  {
    if($rr->preference < $primary->preference)
    {
      $primary = $rr;
    }
  }
  $query = $res->search($primary->exchange) or die "Can't lookup A record.\n";
  foreach $rr ($query->answer)
  {
    next unless $rr->type eq "A";
    return $rr->address;
  }
  die "Can't lookup A record.\n";
}
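
Added example (not part of the original message or the script attached to it): a recipient-side filter that recognises notices worded like the one quoted at the top of this thread and marks those naming a mass-mailing worm for discard. The sample messages and example.* addresses are constructed, and the "@MM" suffix check assumes McAfee-style virus names.

```python
import re
from email import message_from_string

# Wording of the gateway notice quoted in this thread.
NOTICE_RE = re.compile(
    r"The virus (?P<virus>\S+) in attachment (?P<attachment>\S+) has been detected",
    re.IGNORECASE,
)

def plain_text(msg):
    """Concatenate the text/plain parts and undo line wrapping."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return " ".join(" ".join(p.get_payload() for p in parts).split())

def classify(raw):
    """Return details of an anti-virus notice, or None for ordinary mail."""
    msg = message_from_string(raw)
    m = NOTICE_RE.search(plain_text(msg))
    if m is None:
        return None
    virus = m.group("virus")
    # McAfee-style names mark mass mailers with an "@MM" suffix (assumption);
    # such worms forge the From: address, so the notice reached a bystander.
    forged = virus.upper().endswith("@MM")
    return {
        "virus": virus,
        "attachment": m.group("attachment"),
        "reported_by": msg.get("From", ""),
        "action": "discard" if forged else "review",
    }

# Constructed sample messages (addresses are placeholders).
SAMPLE_NOTICE = """\
From: scanner@gateway.example
To: list-member@example.org
Subject: Virus Detected by Webshield

An E-mail from <list-member@example.org> to <someone@example.com>
with subject Re: Application has been intercepted. The virus
W32/Sobig.c@MM in attachment your_details.zip has been detected.
"""

SAMPLE_NORMAL = """\
From: friend@example.net
To: list-member@example.org
Subject: lunch

See you at noon.
"""
```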