[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Jim McCullars jim at info.uah.edu
Fri Jul 1 13:38:06 EDT 2005



On Fri, 1 Jul 2005, Les Mikesell wrote:

> addresses through your outbound relay.  A receiving relay has a
> better scanner or just pulled the update that catches this one.  Would
> you prefer it to drop the message quietly or issue a reject, knowing

   We can play these hypothetical what-if games until the cows come home.
The operating parameters that I run under are based on my experience with
the here and now.  What concerns me more is something like this:  Suppose
a researcher emails a proposal to a military agency (our campus lives off
of its contracts and grants).  If that better-than-mine virus scanner on the
other end mistakes my researcher's PDF file for a virus, then yes, I want
it to let me know the email was not delivered.

> that the bounce to the forged From: is very likely to infect another
> one of your user's machines?

   If that's a concern, then enabling sendmail's nobodyreturn option is
probably in order.

> they couldn't see each other's HSRP heartbeats.  After that experience
> I'm convinced that anything that identifies a virus should do
> everything possible to make sure it does not reach another Windows
> machine.

   Again, as another member of this list so sagely noted, a policy
decision like that really depends on the expectation of the system
administrator's user base and his relationship with them.

Jim McCullars
University of Alabama in Huntsville




