AW: [Mimedefang] action_bounce - forget it!
Martin Bene
martin.bene at icomedias.com
Thu Jan 29 06:00:35 EST 2004
Hi Andrezej,
>The spreading infection of MyDoom made me change my filter. The idea is
>the following: there is absolutely no point in bouncing the
>infected mails
>nowadays because contemporary worms - like MyDoom - notoriously forge
>sender address. Therefore my /etc/mail/mimedefang-filter (starting from
>line ~220) looks like this - see below. No bouncing, no
>quarantines, just action_discard. For ALL the viruses/worms. That's it!
That's why I love Kaspersky AV: it uses a naming scheme where the virus name for all the email worms start with "I-Worm.", so I can discard the automatically generated junk and still notify the recipient for the few cases where they've received a word doc with macro virus or similar stuff.
It's a real pitty that most other AV vendors don't return any information that allows you to categorize the detected virus.
Bye, Martin
More information about the MIMEDefang
mailing list