[Mimedefang] How to Handle a Virus.
Jack Olszewski
jacek at hermes.net.au
Wed Apr 17 23:42:30 EDT 2002
At 04:51 PM 17/04/02 -0700, you wrote:
>I've gotten both File::Scan and OpenAntiVirus working with MIMEDefang,
>although I haven't yet settled on which one to use when the system goes
>"live."
I use OAV, and it works ok.
> However, I've been having trouble deciding just what to do when a
>virus is detected. It all comes down to who should be notified:
> * Silently drop or quarantine the message. (The recipient doesn't need
>it, but the sender could use the info.)
> * Drop/quarantine the part and send the rest through. (This is what
>I've got it doing right now. It avoids collateral damage if a virus
>attaches itself to existing email - but when was the last time you saw one
>of those?)
> * Bounce the message. (The sender could use the info - but could also
>get flooded, depending on where the virus is sending itself. Also, if it
>picks a fake "From" address, an uninfected third party would get a useless
>but alarming warning.)
> * Replace the entire message with a "Virus blocked" note. (It's
>informative - but does the recipient need the info?)
Bouncing the message, action_bounce( ... ), does not mean sending it
anywhere. It means its immediate rejection with a signal ... to the sender:
554 5.7.1 ...
Jack
More information about the MIMEDefang
mailing list