[clug] Procmail rule to match all this virus email?

[Matthew Hawkins]

Michael Still said:
> PS: What were the virus scanner people thinking when the wrote the code to
> send me a warning of infection? I have as many of these as I do the virus,
> and I'm _not_infected_!

The problem is that they send it to the (forged) address listed in the From
header rather than the SMTP envelope sender.  A warning of possible infection
is (usually) a good thing, though of course you could argue that end users
don't need to know, the message should go to postmaster instead.  I don't
think its that black and white though in reality.

What we need to do is educate the people who wrote these antivirus solutions
to fix their broken implementations.  We also need to find the author of
MyDoom and slap them upside the head once for each message we've gotten about
it ;)  Perhaps film that and broadcast it on the internet as a warning to
other virus authors.  SCO's US$250k should help in making that possible.

-- 
Matt