[Mimedefang] opinions on this filter?

Rich West Rich.West at divatv.com
Thu May 16 15:19:51 EDT 2002


The only remaining problem I can see, after looking it over carefully, 
is that if a virus has been found within a message, you are sending a 
message back to the original sender via action_notify_sender.  That in 
itself is not a problem because it is a good idea.

However, many viruses spread like spam, so you cannot rely heavily on 
the validity of the sender's address unless it originates within your 
organization.  You do have it already checking to see if the sender's 
address is "<>", but that probably is not enough.  Some viruses generate 
email using bogus sender addresses, but not blank ones..

It might work out better to generate the message for 
action_notify_sender() only if the message is originating from within 
your domain.

This will also prevent MD from being the one to generate SPAM to the 
poor slob who has had their email address used as the bogus sender's 
address. :)

-Rich





More information about the MIMEDefang mailing list