I keep getting messages from Yahoo! Mail Virus Protection <mail-antivirus@yahoo-inc.com> saying that they've detected Netsky in a message, but that my Norton AntiVirus couldn't clean it.

I just updated Norton, so why couldn't it clean it? I know Netsky has been around for a while, but I'm getting a LOT of these messages. I hardly ever give out this e-mail address, so what's up? Is this just one of my friends who's gotten infected and it's perpetuating itself?

Originally posted by Dlandmom
I keep getting messages from Yahoo! Mail Virus Protection <mail-antivirus@yahoo-inc.com> saying that they've detected Netsky in a message, but that my Norton AntiVirus couldn't clean it. Netsky falsifies the "From" header, so it's unlikely that you are actually sending the infected message. Instead, someone who has you in his/her address book, or visited a Web page with your address in a mailto link, or who has your email address in any number of other places is infected and the virus is placing your address randomly in the "From" header. The real problem here is that many antivirus products, apparently including Yahoo's mail scanner, mindlessly send these "alerts" to the apparent sender, even when it's well-known that the "From" header is falsified.

If your AV product and definitions are up-to-date, I'd ignore the Yahoo messages.

Thanks, Andrew. I hope whoever has the virus fixes it soon. I don't want to be getting these messages forever! I got anywhere from 5-15 a day! And I only get about 2-3 "real" messages a day.

Originally posted by Dlandmom
I got anywhere from 5-15 a day! And I only get about 2-3 "real" messages a day. Consider adding the Yahoo alert address to your spam filter (you do have a spam filter, right?) so that you won't see them. Keep your AV and firewall (you do have a firewall, don't you?) up to date and you'll be fine.

My personal recommendations for these three products:

Spam filter: SpamPal (http://www.spampal.org/) -- free, updated often, supports Bayesian filtering via plugin.
AV: McAfee (http://www.mcafee.com/) and Norton/Symantec (http://www.norton.com/) are pretty evenly matched.
Firewall: BlackICE (http://blackice.iss.net/) -- costs a bit more than ZoneAlarm (http://www.zonelabs.com/store/content/home.jsp) (which is free) but I can tell you that the underlying technology is infinitely better. Disclaimer: I work for the company that makes BlackICE, and indeed on BlackICE itself, so I know that of which I speak.

Thanks for reminding me about spam filter. Ever since I routed my SBC account into Outook, I keep forgetting about things like that. I just keep assuming everything's already "done" for me!

Dlandmom

the reason that you are getting the messages that Norton couldnt clean the virus was because norton's default reaction to avirus infected email/file is to attempt to clean or strip the virus from the email/file and still make the original message/file available to you, the user.

Chances are, people you know arent going to be sending you viruses, best thing I can tell you to do would be to change norton to automatically quarantine or delete any virus infected files/emails it comes across. That way, you will not be bothered with the "attempted to clean:failed" messages

I haven't had a chance to change my spam filter or set up a quarantine...but go figure, I haven't received a single virus message since I started this thread!