The Thursday 2006-10-05 at 13:44 -0500, Jim Flanagan wrote:
I'd like some advice on how to handle worm and phishing emails coming to one user on my postfix server. For about 3 weeks now, Clam-AV is advising that emails have been detected and not delivered due to them containing a worm. In this case it is Worm.Mydoom.M. About 8 to 10 a day are arriving, with ClamAV advising that the trace is to 2 different IP addresses. RIPE shows both to be registered through an outfit in Paris (La Defense). I sent an email to the listed report-to email address but no reply.
Typical.
The worms keep crawling! I do get similar messages about phishing, but not near as many, and not from the same repeated IP addresses.
Typical as well.
My question is, is it OK to just continue to ignore these messages as my server is catching them and not delivering them, or is there another "best practice" that I should be doing?
Simply ignore them, and keep your users informed that they should be very cautious about suspicious emails, and what to consider suspicious. Reporting to an abuse address that you don't know if they only put because it is mandatory, but that is probably ignored, is useless to say the least. A phishing attempt should be handled by the police, Interpol perhaps, in my opinion, but I don't think they have the resources nor interest. I receive dozens per day, all caught by SpamAssassin.

--
Cheers,
Carlos E. R.