what causes spurious email virus rejections?

John Chambers jc at trillian.mit.edu
Sat Sep 6 10:55:50 EDT 2003


Duane Morin writes:
| Once in a blue moon either I or my wife will get an unexpected email that
| says "Could not deliver message to <unknown address X> because it
| contained a virus."  Never heard of that address, never intended to send
| anything to that address.  I'm scanning regularly for viruses.  And I'm
| also thinking that if I really did have a virus then wouldn't I see more
| of these messages?  What's it mean when I see one, oh, I dunno...every
| couple of months?  Should I just ignore it?

There are two main possibilities: It may be a bit of
"social engineering" to get you to reply, and thus verify
that your email address is valid. So replying will just get
you on a commercial spammer address list.

The other possibility is that it's from one of those recent
MS worms that pick two addresses from the victim's address
book, and send a viral message to one saying it's from the
other. This has the "advantage" (from the virus's
viewpoint) that the two addresses are likely to belong to
people who know each other, and the recipient will thus
trust the message and open an attachment.


In both cases, the message didn't originate on your machine
at all. Some third party faked your address in the headers
for one of these reasons. It's best to just trash them. If
you want to do something about them, you shouldn't reply to
anything. You should go through the headers, try to locate
the actual sender, and contact their ISPs. Sometimes the
real sender can be found from the message, sometimes you
can discover their IP address, and sometimes they've done a
good job of hiding their identity.


--
What if the Hoky Poky really IS what it's all about?
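
An added example, not part of the original message: one way to "go through the headers" is to read the Received lines newest-first and keep only those written by mail servers you trust. The sample message, the hostnames and the trusted_by set are constructed assumptions.

```python
import email
import re

# Constructed sample (documentation address ranges, made-up hosts): a message
# with a forged From line, as delivered to a mailbox at mail.example.org.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.example.org with ESMTP id A1; Sat, 6 Sep 2003 10:01:02 -0400
Received: from dsl-77.isp.example.net (dsl-77.isp.example.net [203.0.113.77])
\tby mx.example.org with SMTP id B2; Sat, 6 Sep 2003 10:01:00 -0400
Received: from mail.bigbank.example (unknown [198.51.100.5])
\tby dsl-77.isp.example.net with SMTP; Sat, 6 Sep 2003 09:59:00 -0400
From: duane@example.com
To: stranger@example.org
Subject: your details

see attachment
"""

# "from <helo> (<rdns> [<ip>]) by <host>": the common Received layout.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\)]*)\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.S)

def trace_origin(raw, trusted_by):
    """Walk Received headers newest-first while they were written by our own
    servers (trusted_by, an assumption supplied by the caller). The last such
    header records the outside host that handed the message to us; every
    header below it came from hosts we do not control and may be forged."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received", [])
    handoff, verified = None, 0
    for value in received:
        m = HOP.search(value)
        if not m or m.group("by").lower() not in trusted_by:
            break  # unparseable or written by an outside host: stop trusting
        handoff, verified = m.groupdict(), verified + 1
    return {
        "claimed_from": msg["From"],
        "handoff_ip": handoff["ip"] if handoff else None,
        "handoff_rdns": handoff["rdns"].strip() if handoff else None,
        "unverified_hops": len(received) - verified,
    }

if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mail.example.org", "mx.example.org"}))
```

The handoff address is the one whose ISP is worth contacting; the From line and the unverified hops below it are whatever the sender chose to write.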
