[Mimedefang] How to Handle a Virus.
Kelson Vibber
kelson at speed.net
Wed Apr 17 19:51:49 EDT 2002
I've gotten both File::Scan and OpenAntiVirus working with MIMEDefang,
although I haven't yet settled on which one to use when the system goes
"live." However, I've been having trouble deciding just what to do when a
virus is detected. It all comes down to who should be notified:
* Silently drop or quarantine the message. (The recipient doesn't need
  it, but the sender could use the info.)
* Drop/quarantine the part and send the rest through. (This is what
  I've got it doing right now. It avoids collateral damage if a virus
  attaches itself to existing email - but when was the last time you saw
  one of those?)
* Bounce the message. (The sender could use the info - but could also
  get flooded, depending on where the virus is sending itself. Also, if it
  picks a fake "From" address, an uninfected third party would get a
  useless but alarming warning.)
* Replace the entire message with a "Virus blocked" note. (It's
  informative - but does the recipient need the info?)

And of course combinations of the above.
Is there any consensus on what is "polite" for mailserver-based virus scanners?
Kelson Vibber
SpeedGate Communications, Technical Staff
kelson at speed.net Phone: (949) 341-0800
http://www.speed.net/ FAX: (949) 341-0900