[Mimedefang] action_bounce - forget it!

Andrzej Marecki amr at astro.uni.torun.pl
Thu Jan 29 05:28:56 EST 2004


The spreading infection of MyDoom made me change my filter. The idea is
the following: there is absolutely no point in bouncing the infected mails
nowadays because contemporary worms - like MyDoom - notoriously forge
sender address. Therefore my /etc/mail/mimedefang-filter (starting from
line ~220) looks like this - see below. No bouncing, no quarantines, just
action_discard. For ALL the viruses/worms. That's it!

AM

-----------

    # Virus scan
    if ($FoundVirus) {
        my($code, $category, $action);
        $VirusScannerMessages = "";
        ($code, $category, $action) = entity_contains_virus($entity);
        if ($category eq "virus") {
            md_graphdefang_log('virus',$VirusName, $RelayAddr);

            # Discard infected mail!
            return action_discard();
        }
        if ($action eq "tempfail") {
            action_tempfail("Problem running virus-scanner");
            md_syslog('warning', "Problem running virus scanner: code=$code, category=$category, action=$action");

-----------

-- 
-----------------------------------------------------------------------------  
Andrzej Marecki                | 
Torun Centre for Astronomy     |   e-mail: amr at astro.uni.torun.pl
N. Copernicus University       |   WWW:    http://www.astro.uni.torun.pl
ul. Gagarina 11                |   tel: +48 56 6113032
PL-87-100 Torun, POLAND        |   fax: +48 56 6113009
-----------------------------------------------------------------------------  
"If Bill Gates actually had to admin his own stuff, he'd shoot himself."
-----------------------------------------------------------------------------  



More information about the MIMEDefang mailing list