First the bacground...and a rant... so [rant]
I assume the other sysadmins here have been watching Sobig bounce off email antivirus wall.
It was easy to stop (we block all attachments regardless) but then we started getting bombarded with messages from other company antivirus systems telling our users that they had sent infected emails. Our helpdesk got flooded with concerned users, they are used to the "blocked" messages but not these AV bounces.
To my peeve.
Those frikkin email administrators who turn on the "reply with warning to sender" on their email AV gateways.
Given that 99% of current viruses out there spoof the "from" address, who do these idiots think they are sending the reply to? Or whose bandwidth they are chewing up by sending out the "replies".
We have just changed our policy to send the infected email to the bitbucket and am trying to figure out how to do the same for these spamming admins.
[/rant]
Wow, I feel much better now.
All I have to figure out is when to let email from these companies back into our system.