Your e-mail appeared to have a virus. Please e-mail without attaching the batch file.

That’s how an email I got today started. The ugly thing, as you can figure out, is that I never sent that email. Klez did. And not even our Klez (we mostly run Linux, and the only Win station is clean) but somebody else’s.

It’s very ugly, and I don’t see how we can protect ourselves. It’s of no use to tell the receiving party to look at the mail source to identify the receive path, our mails always will have the and not some French or Chinese server.
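The receive path mentioned above can be read mechanically. As an added example (not part of the original post), this Python sketch pulls the peer logged by the recipient's own border mail server, which the sender cannot forge, and compares it with our outbound relays. All hostnames, addresses and sample messages are constructed, and the `from HELO (rDNS [IP]) by HOST` header layout is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed layout: "from HELO (rDNS [IP]) by HOST ..."; real MTAs vary.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)?\s*\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def sample(helo, rdns, ip):
    """Build a constructed message whose border hop records the given peer."""
    return (
        "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
        "\tby mailstore.recipient.example with ESMTP; Mon, 6 May 2002 10:00:02 +0000\n"
        f"Received: from {helo} ({rdns} [{ip}])\n"
        "\tby mx.recipient.example with SMTP; Mon, 6 May 2002 10:00:01 +0000\n"
        "From: me@ourdomain.example\nTo: victim@recipient.example\n"
        "Subject: A very funny game\n\nbody\n"
    )

def handoff_peer(raw, trusted_mx):
    """Return (helo, rdns, ip) as logged by the recipient's border MX, else None.

    Received: headers are prepended, so the first one written "by" trusted_mx
    is genuine; anything below it came from the sender and may be forged.
    """
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m and m.group(4).lower() == trusted_mx:
            return m.group(1), m.group(2), m.group(3)
    return None

def verdict(raw, trusted_mx, our_domain, our_relays):
    """Classify a message claiming our domain as 'genuine', 'forged' or 'not-ours'."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != our_domain:
        return "not-ours"
    peer = handoff_peer(raw, trusted_mx)
    return "genuine" if peer and peer[2] in our_relays else "forged"

if __name__ == "__main__":
    relays = {"203.0.113.25"}  # constructed: our only outbound relay
    for msg in (sample("mail.ourdomain.example", "mail.ourdomain.example", "203.0.113.25"),
                sample("infected-pc", "dialup-77.isp.example", "198.51.100.77")):
        print(handoff_peer(msg, "mx.recipient.example"),
              verdict(msg, "mx.recipient.example", "ourdomain.example", relays))
```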

The possible solution would be to always use signed emails. But even in this case there are two solutions, PGP or S/MIME. S/MIME is nice and clean (you can get a certificate for free from Thawte), but then again some email clients will crash when receiving such an email. PGP is cool, but it is not integrated in all email programs, and retrieving a public key is not always straightforward.

So, what do you do when you know that somebody is sending viruses in your name?