[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

James Ebright jebright at esisnet.com
Fri Jul 1 10:45:17 EDT 2005


On Fri, 1 Jul 2005 09:05:37 -0400, Chris Gauch wrote
> Alan wrote:

> So, user-x at digicon.net would be infected (where a virus, such as 
> W32.Bagle, would be auto-generating email from their PC and sending 
> out copies of itself), sending out the virus using a forged FROM 
> address from user-y at digicon.net, and our mail server would reject 
> and generate a bounce to user-y, containing the virus attachment in 
> the NDN.  


The problem here is you were not rejecting.. you were bouncing.. there is a
HUGE DIFFERENCE. With a 5xx reject you tell the MUA/MTA you are not accepting
the message for delivery and why, you do NOT generate a bounce. (yesyes, I
know if the IP happens to be a valid MTA it may or may not generate a bounce,
that is a different situation altogether though and IMHO a rare one where you
do nto control both MTAs and can fix it anyway).

Bouncing virus infected email (or spam for that matter) makes absolutely NO sense.

Jim

--
EsisNet.com Webmail Client




More information about the MIMEDefang mailing list