[Mimedefang] Re: calling action_bounce() for viruses

David F. Skoll dfs at roaringpenguin.com
Mon Sep 29 21:13:01 EDT 2003


On Mon, 29 Sep 2003, James Ralston wrote:

> I am aware that David posted (in another thread) that he now believes
> that silently dropping incoming mail messages which contain viruses is
> the best thing to do.  I still disagree.

I vacillate...

On the one hand, bouncing a message can irritate third parties.  On the
other hand:

1) If the virus sends itself to a nonexistent address, it will be bounced
   anyway.

2) The virus forges the From address and likely sends itself there anyway.

> No matter how smart or experienced we think we are, we don't even
> scratch the surface of the depth of the experience and intelligence
> that went into the construction of the mail-related RFCs.  And the
> RFCs don't permit you to return 250 and then dump the message in the
> trash.

Actually, I don't think that's true.  RFC 2521 says you
"MUST NOT lose the message for frivolous reasons", but I don't see
anything that actually prohibits discarding a message.

> If you want email to remain a useful tool for communication, then
> follow the damn standards, and refuse to accept messages with viral
> content instead of silently dropping them.

It's a tough call.  Philosophically and emotionally, I agree with you.
However, I have been annoyed more by bounce messages from viruses than
from actual viruses themselves, so practically speaking, bouncing
viruses can do more harm than discarding them.  Some mail servers
(including some configurations of Sendmail) do not include the body of
the original message in the bounce, so whereas my MIMEDefang setup
would have rejected the original virus, it permits the bounce
message. :-(

Regards,

David.



More information about the MIMEDefang mailing list