[Mimedefang] How do I remove infected attachments before bouncing mail (action_bounce)

Justin Shore listuser at numbnuts.net
Sun Jun 8 13:30:01 EDT 2003


On Fri, 6 Jun 2003, Jim Shewmaker wrote:

> Hi,
>   While I agree that adding to the traffic in notifications is a problem, my
> opinion is that it is temporarily necessary for the sake of legit users
> (though there may be few), who did send a virus infected message.  Also,
> policy-wise, I can say "we don't discard anything, we bounce it so the
> sender knows they sent something we wouldn't accept."  This does wonders for
> those instigating users who are problem children and think a boogie man ate
> their joke of the day, homework, or whatever.
> 
>   In a week or two, I'll be disabling our bounces entirely, but I feel in
> most cases it is valuable initially.  Eventually even drop_with_warning will
> be shrugged off anyway by Joe user, so I'm going to a silent running
> operation overall.

Perhaps you should consider only spamming your own users with the virus 
notices rather than all users on other ISPs as well.  This would go a long 
way towards mitigating the waste of bandwidth and other resources by 
blindly bouncing virus reports to mostly forged users.  I just posted 
some code that I use to make sure that $RelayAddr does equal any IP on one 
of my netblocks (i.e., myself or my users) before proceeding with the 
SpamAssassin checks.  You could do something similar with your AV checks.  
If $RelayAddr doesn't match one of your IPs, return a 55x like normal.  If 
it is one of your own IPs (read: users), bounce them a virus report.  That 
would be a good way to approach it.

Good luck
 Justin
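
The relay-address gate described in the message above, as an added example that is not part of the original post and is not the code Justin refers to. The netblocks, the sample relay addresses and the function names `ip_to_int`, `ip_in_netblocks` and `virus_disposition` are assumptions made for illustration; it handles IPv4 only and treats anything else as an outside relay.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed netblocks (documentation ranges); replace with your own.
my @LOCAL_NETBLOCKS = ('192.0.2.0/24', '198.51.100.128/25');

# Convert a dotted quad to a 32-bit integer; returns undef if malformed.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip;
    my @o = $ip =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return;
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if $ip falls inside any CIDR block in @blocks.
sub ip_in_netblocks {
    my ($ip, @blocks) = @_;
    my $addr = ip_to_int($ip);
    return 0 unless defined $addr;    # IPv6 or garbage: treat as not ours
    for my $block (@blocks) {
        my ($net, $bits) = split m{/}, $block;
        my $base = ip_to_int($net);
        next unless defined $base && defined $bits
            && $bits =~ /\A[0-9]+\z/ && $bits <= 32;
        my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return 1 if ($addr & $mask) == ($base & $mask);
    }
    return 0;
}

# 'notify': the relay is one of our own hosts, so a virus report reaches a
# real user. 'reject': outside relay, refuse with a 55x and send no report,
# because the envelope sender is most likely forged.
sub virus_disposition {
    my ($relay_addr) = @_;
    return ip_in_netblocks($relay_addr, @LOCAL_NETBLOCKS) ? 'notify' : 'reject';
}

# Constructed relay addresses standing in for MIMEDefang's $RelayAddr.
for my $relay ('192.0.2.17', '198.51.100.5', '198.51.100.200',
               '203.0.113.9', 'bogus') {
    printf "%-16s %s\n", $relay, virus_disposition($relay);
}
```

In a filter, the value passed to `virus_disposition` would be `$RelayAddr`, and the result would select between the two branches the message describes.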



