[Mimedefang] Need help with virus notifications

Chris Myers chris at by-design.net
Mon Dec 13 16:09:08 EST 2004


> > And I don't assume that all other folks have poorly configured firewalls
> > that will let viruses go straight out without passing through some form
> > of SMTP relay.  Remember that the viruses have access to the infected PC's
> > settings and can pull their SMTP relay from their mail client rather
> > easily ... it's GOING to happen if it isn't already.
>
> Actually, that's old school virus behavior.  A few years ago, they would
> look up the outbound relay from the mail client and use that to send their
> mail.  Recent ones have changed to sending direct.  My guess is malware
> authors found too many of the legit mail relays were running antivirus
> software hindering their efforts so they switched to sending direct.

Which brings up one of those "Help Save The World!" points.  Configure
your firewall to block outbound SMTP except from internal mail servers.
It's simple, it's effective, it's good practice.

Anyway, I think we're pretty far down the path towards a religious war.
Either you bounce every virus, drop mass-mailing viruses, or drop all
viruses.  Personally I'm glad that I use the SpamAssassin rules for flagging
anti-virus replies, because there are a LOT of people out there bouncing
everything, and one of my mail addresses has been out there for 10 years.

Chris Myers
Networks By Design
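
The egress rule recommended above (outbound SMTP only from internal mail servers) can be checked against firewall logs. The following is an added example, not part of the original post: it scans netfilter LOG-format lines for internal hosts other than the mail servers attempting TCP/25 to outside addresses. The internal range, the mail server addresses and the log lines are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this example: placeholder internal range and relay addresses.
INTERNAL_NET = ip_network("10.0.0.0/8")
MAIL_SERVERS = {ip_address("10.0.0.5"), ip_address("10.0.0.6")}

# Key=value fields as written by the netfilter LOG target.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log lines (not taken from any real network).
SAMPLE_LOG = """\
Dec 13 16:01:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
Dec 13 16:01:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=1045 DPT=25 SYN
Dec 13 16:01:08 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.99 LEN=48 PROTO=TCP SPT=1046 DPT=25 SYN
Dec 13 16:01:09 fw kernel: IN=eth1 OUT=eth1 SRC=10.0.0.41 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=3310 DPT=25 SYN
Dec 13 16:01:10 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=198.51.100.80 LEN=60 PROTO=TCP SPT=3311 DPT=80 SYN
Dec 13 16:01:12 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=192.0.2.14 LEN=48 PROTO=TCP SPT=2201 DPT=25 SYN
Dec 13 16:01:13 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.88 PROTO=TCP DPT=25
"""


def direct_smtp_senders(log_text):
    """Count outbound TCP/25 attempts per internal host that is not a mail server."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src = ip_address(fields["SRC"])
            dst = ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line: skip rather than guess
        # Internal client -> internal relay is the expected path; only flag
        # SMTP that leaves the network from a host that is not a mail server.
        if src in INTERNAL_NET and dst not in INTERNAL_NET and src not in MAIL_SERVERS:
            hits[str(src)] += 1
    return hits


if __name__ == "__main__":
    for host, count in direct_smtp_senders(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct outbound SMTP attempt(s)")
```

Hosts reported here are either misconfigured clients or candidates for a malware check, and with the block rule in place the same lines show what the firewall is dropping.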




