[Mimedefang] Re: calling action_notify_sender() for viruses

[Jeremy Mates]

* James Ralston <qralston+ml.mimedefang at andrew.cmu.edu>
> Sites which don't want to risk losing legitimate mail may want to
> call action_bounce() instead of action_discard() when a virus is
> detected, even if the virus detected is one which is known to forge
> the envelope sender.

This wastes time for users the malware is forging, via discard spam and
messages from other people saying "you have a virus!" or "stop sending
me these!"

A better option, depending on resources and setup, would be to log all
the relevant message details or quarantine the message, and have a
priodic script that generates reports to users and otherwise paws
through the log records and quarantine directory. That way, the user can
review the periodic summary, and at least have a chance to see whether
something important looks like it was thrown out.

Though even with a nice summary report, that one discarded or even
bounced legitimate e-mail could easily be drowned out by the sheer
amount of crap current malware is producing.