[Mimedefang] How do I remove infected attachments before bouncing mail (action_bounce)
David F. Skoll
dfs at roaringpenguin.com
Fri Jun 6 14:56:03 EDT 2003
On Fri, 6 Jun 2003, George Kuetemeyer wrote:
> We're currently bouncing/rejecting infected mail using action_bounce. This
> routine appears to send the entire message, including the virus-infected
> attachment, back to the sender
No, it does not. It sends an SMTP "5xx" failure code. If the sending
relay chooses to return the entire message, that's really beyond your
control.
I know my position is controversial, and there have been some animated
discussions about this on the list, but I don't see anything wrong
with sending a 5xx response and letting the sending relay worry about
it. Exactly the same thing would happen in the very common case of a
virus sending itself to a nonexistent user, so trying to be "nice" to
third parties won't help much.
> Actually, what we would really like to do is send back a warning
> notice and simply discard infected messages. Has anyone developed
> code to do that? (Might as well ask before doing my own coding).
Please don't do that. Viruses usually fake the sender addresses, and
I consider virus-notification messages to be spam. In fact, I have
MIMEDefang rules to recognize and bounce virus-notification messages
from a number of popular anti-virus tools.
Just bounce it with a 5xx code and to hell with the rest of the world.
If someone gets upset, tell them to sue Microsoft. :-)
--
David.
More information about the MIMEDefang
mailing list