[Mimedefang] Re: ClamAV's Worm/Trojan/Joke/W97M classifications

Paul Russell prussell at nd.edu
Fri Jul 1 10:12:02 EDT 2005


On Thu, 30 Jun 2005, Matthew Schumacher <matt.s at aptalaska.net> wrote:
> 
> There is another case where rejecting is better that hasn't been bought
> up yet (or at least I didn't read it) password protected zip archives.
> On our mail system we call these viruses simply because they almost
> always are, but if we where silently dropping them then that would be a
> problem.
> 

Many viruses use their own SMTP engines, which just keep pumping the sludge,
no matter how many 5xx errors you throw at them, and they do not display the
mail server rejection messages to the local user. We deal with this issue by
running a script against our mail server logs twice daily to identify systems
in our net blocks which have submitted virus carrier messages to our SMTP
servers.

--
Paul Russell
Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame



More information about the MIMEDefang mailing list