No Viruses Statement - and

We don't have no stinkin' viruses, man!

If you have received a piece of mail claiming to come from or that contains a virus or spam, it did not really come from here.

These are not Windows systems, and are not subject to the vast number of security vulnerabilities present in Windows, some of which can never ever be corrected because fixing the vulnerabilities would break popular Windows applications that rely on the vulnerabilities that the virus writers are also using. Windows would cease to be Windows compatible if Microsoft plugged certain key security holes. Microsoft knows this, but aren't about to tell customers about this issue. If you think that Service Patch or new release fixed even a fraction of the holes in Windows, you are very mistaken.

Because Windows can't really be made secure, much of the security efforts that are made for Windows focus on trying to prevent humans from opening suspect e-mails or being duped by similar attack methods so that the attacking programs don't get the opportunity to be run. Once an unsafe program is allowed to run on a Windows system, the system will be compromised.

Many viruses that propagate by e-mail frequently begin their work on a newly infected machine by locating e-mail addresses it can find on web sites, in domain registration records, in USENET posts, and even by examining the address contact book on Windows computers that it infects. The virus then uses all of those collected e-mail addresses in various combinations as both the To: and From: parties of the NEW virus messages it starts sending out to others, all in the hope that the message will trick the recipient into thinking the message is from someone or a business that they know, and they may open the attachment on their Windows computer, infecting their machine and starting the process all over again. Your machine may send your friend Jane a virus that claims to be from your friend Bob, or vice versa. The message may be repeated several times, each altered slightly with different Subjects and looks, all in the hope that the recipient will be tricked into opening an executable-by-Windows attachment.

The virus may also install a mail proxy on the infected Windows computer, which spammers then use to relay mail through your computers to thousands of other people world wide. By relaying the mail through your computer, it helps conceal the spammers true location. Your machine (the infected one) will appear to be operated by a spammer.

No known virus is able to make the e-mail message it generates look completely genuine (some don't even try), despite putting some innocent systems name in the Received: and From: headers, but then many mail reader programs conceal the headers that would allow the falsification to be immediately detected.

For example, here are the headers and the start of a message that contained a real virus. The virus addresses the mail to look like it was sent by someone at (it was a fake).

From!not_our_virus Mon Apr 12 14:49:05 2004 remote from nemesis
Return-Path: <>
Received: from[]) (24496 bytes) by
         via sendmail with P:esmtp/D:user/T:local
         (sender: <>)
         id <>
         for <> Mon, 12 Apr 2004 14:26:50 -0500 (CDT)
         (Smail- 2001-Aug-6 #21 built 2003-Sep-24)
Message-Id: <>
Subject: Re: Your details
Date: Mon, 12 Apr 2004 14:33:30 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Priority: 3
X-MSMail-Priority: Normal

This is a multi-part message in MIME format.

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Please have a look at the attached file
[and clicking to open that attached file will run a virus written by some criminal].


(Addresses in that sample have been altered so that some future virus won't be able to successfully use them.)

The items marked in Red are forged items to try to trick the receiving mail system into accepting the message as one of its own as well as specifying the victim that is to receive the virus. Note that the message claims to come from the machine that the recipient is on, even though the From: address is somewhere else.

The item in Purple is the true IP address of the machine where the virus came from (likely an infected machine). That IP address does not agree with the forged machine name just to the left of the number. They should agree, but they don't, an indicator of a forgery. (If your mail server setup has multiple machines, there may be more than one Received: header. Starting with the first Received: header, look for the one that has the IP address of a machine NOT at your site. This is the system that handed the virus to your mail servers.)

Items marked in Blue are all the e-mail address of an innocent person, that the virus is using to hopefully trick the receiver of the mail into opening the attachment, because the recipient may know the claimed sender.

A check of the IP address (the item in Purple) with "nslookup" will show that it is not really any of the systems whose addresses appear in the To: or From: addresses.

No virus reports, Please!

Please do not send virus reports to any address at or These systems do not run Windows or other vulnerable Microsoft products, nor does it relay mail for Windows computers. These systems run FreeBSD, and subsequently it is immune to virtually all viruses and worms in existence.

(If only one IP address appears in the Received: header and that really is the IP address of or (starts with 24.240.234), then may you have a legit report.)

If you use some automated virus detection software, make sure that when it detects a virus, it SILENTLY discards the virus. Do NOT have the software send alerts back to the senders address, which today is almost always an innocent parties mailbox address and NOT where the virus is running at all. Sending these alerts back to innocent parties (based on the From: address in the e-mail message) just wastes everybodys time. Please turn this obsolete setting off right away.

If you want to report an infected system, use the "whois"* command with the ARIN netblock database (eg "whois -h X.X.X.X") and the IP address you find in the spam Received: header to locate the TRUE source of the message you received, then file a complaint with the network administrator where the virus mail is really coming from. Again, the domain name in the From: address usually has nothing to do with the true source of the spam or virus, as the From: header is easily forged. Don't bother the wrong people.

* "whois" comes with all UNIX or UNIX-derived operating systems. Free versions are available for download for Windows operating systems from numerous sources. There are also web sites that will perform the function for you, without you having to have the "whois" program itself. Note that "ARIN" is not the only netblock repository, and if the source IP address is outside of North America, ARIN may refer you to another repository, such as for Asia, for Europe, and so on. Start with ARIN and it will tell you if you need to look elsewhere.

Valid HTML 4.01!

Notice: Are you having trouble sending mail to or A configuration problem on the mail server you are using may be the cause. If your client mail program is trying to send mail directly to or, that client may have a configuration problem. Read an explanation about RFC 2821 and RFC 1035 compliance here