I've noticed some effects of the virus attacks of the past months on the way I usually deal with email:

path: /en/malware/viruses | #

I wouldn't be surprised if it is going to spread extremely fast in Germany

From: Info@rtl.de Subject: RTL: DSDS Deutschland Sucht Den Superstar (DSDS) auf RTL. Hallo, Du wurdest zufällig von ca. 85.000 E-Mail Adressen ausgewählt, um bei RTL DSDS in der Zuschauer Jury mit zu Voten. ...

RTL is one of Germany's largest television companies (leading in market share during the last months). DSDS is "Deutschland sucht den Superstar", the German version of "Star Search", which has been the most successful TV show in the last year (don't ask why). And the email tells me I could become part of an online jury. Oh, and it contains a Windows executable with the extension .bat.

path: /en/malware/viruses | #

Similar to Brian I'm writing this so I have a place I can link to when people assume I'd be sending virus mails to them. Go and read Brian's article for the longer version of

Almost all recent worms and viruses fake the from address. If you receive a worm sent from any of my addresses, you can be absolutely sure that I haven't sent it.

Due to server-side filtering (big kudos to the people responsible for the apache.org mail infrastructure) I'm getting far less Mydoom worms now. I still keep getting bounces, which certainly is annoying. Being the moderator for a couple of mailing lists doesn't help either.

I've noticed that those viruses are causing problems to statistical spam detectors, mails without a virus get a higher probability of being ham now. So far I've been filtering out all mails with "bad" attachments (I don't have any use for .exe or .scr files) before ifile sees them, but I cannot remove all "zip" attachments.

path: /en/malware/viruses | #

I received about 50 copies of that new virus during the past twelve hours. What's worse than that are more than 200 bounce messages, as usual about half of them containing the virus itself.

For the record, I'm not the sender of those virus mails, I don't even run an operating system it could affect.

Dear virus detection software writers, please get a clue. The forged sender of such a virus message is most probably not yet affected by the virus. In sending "back" that thing, you help spreading it.

Now back to refining those procmail recipes so that I don't have to see the garbage at all.

path: /en/malware/viruses | #