Virus on the Rise

Over the past two weeks I have been bombarded with the W32.Klez.gen@mm virus as an attachment to blank e-mails. I wondering if anyone else is have the same issue. My Anti-Virus software is catching these thank goodness…It is also coincidental that I just set up mail forwarding to various other e-mail addresses and now those people are receiving the virus at the same time I do. So, far their anti-virus software is catching them as well. Just Curious.

Damn near everyone I know is having the same problem - particularly people who have their e-mail address on one or more web sites, since many viruses pull addresses from the browser cache.

I have my address on a number of sites as webmaster, so I get up to half a dozen Klez e-mails a day or more, with a few SirCam’s thrown in now and then and the occasional BadTransB… none of which worry me in the slightest, as it happens, because I have the best virus protection of all: a Mac. :slight_smile:



I’m getting up to 15 Klez emails a day now, as well as the occasional SirCam.

The virus is popular, all right :slight_smile:

Nice to know I’m not the only one with the ultimate Virus protection system (a Mac that can’t run the virus, that is).

But yes, the Klez thing is certainly keeping my inbox full, and might even be a bit worse than good ol SirCam–I was seeing about 20 of those a day, which is right around the level Klez is at now.

Then again, Klez is better about only sending one infected attachment–I got over 100 messages from a SirCam infected computer within a period of two days at one point. I was about ready to drive down to where it was–an art museum, of all places–and do something violent when it took them over two weeks to get it clean… and I could’t find so much as a working e-mail address or phone number to contact them.

The real problem with Klez is those fake from addresses; I’ve already gotten one message from someone who got a message “from” me (fortunately not irate), an I’m getting at least two or three bouncebacks per day. I don’t even want to know how many are going through…

I haven’t had any trouble not CATCHING the virus. But I sure wish there were a way to block the continuing posts from the same people. I have been getting 6 - 8 a day from the same person.
As someone else pointed out, it seems that the return address has been buggered to hide the real originator. So pleas to the “return to” or “sender” address yield just another mail daemon.

I am running Netscape as my mail manager. Any body got any bright ideas?


Using procmail to block the messages would probably be the best solution. The kbase docs on procmail are (sadly) a bit out of date currently - updating them is on my todo list. Also, using procmail takes a bit of technical know-how, so it’s not a good solution for many people.

Using IMAP might help, since if you recognize the message by its subject line, you could delete it without actually downloading it from the server (POP3 requires you to download it).

If you use PINE or mutt for mail (on the machine itself), you have the advantage of not being able to get the virus, and you can delete it very quickly / easily.

Another suggestion would be to read the headers and report the message to the ISP of whomever (presumably unintentionally) sent you the virus – you might even be able to guess who sent you the virus and let them know.

I’d eventually like to provide some rudimentary virus filtering capabilities to customers (server side), however this is fairly difficult to do on a large scale, since processing that much mail is fairly resource intensive.

We did start using a virus scanner on the office mail server after some Outlook (ugh) using employees got viruses.

I didn’t have the W2K SP2, so my Klez.h email attachment executed automatically (without opening the msg) and dropped the Elkern.cav.c in hundreds of files on my system. Took 3 days to rid the system of them all!

I’m going to pull the HP9000 out of the closet and tell Bill to take a flying leap…which brings me to an off-topic question, is there a Linux distribution for HP-UX machines yet?

Pegasus Mail ( is another good choice for a mail reader that isn’t vulnerable to viruses because, unlike the stuff from Microsoft, it isn’t stupid enough to automatically launch scripts or attachments.

All those virus messages are still a nuisance, though, even if I’m not in any danger of infection from them.

– Dan

looks like there is some Linux support, and NetBSD support (NetBSD is kind of hard to install, but will probably work better than Linux).

it’s not 64 bit, is it?

reading your email on our server using PINE or mutt is another good way to avoid getting viruses.