[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

James Ebright jebright at esisnet.com
Fri Jul 1 10:45:17 EDT 2005

On Fri, 1 Jul 2005 09:05:37 -0400, Chris Gauch wrote
> Alan wrote:

> So, user-x at digicon.net would be infected (where a virus, such as 
> W32.Bagle, would be auto-generating email from their PC and sending 
> out copies of itself), sending out the virus using a forged FROM 
> address from user-y at digicon.net, and our mail server would reject 
> and generate a bounce to user-y, containing the virus attachment in 
> the NDN.  

The problem here is you were not rejecting.. you were bouncing.. there is a
HUGE DIFFERENCE. With a 5xx reject you tell the MUA/MTA you are not accepting
the message for delivery and why, you do NOT generate a bounce. (yesyes, I
know if the IP happens to be a valid MTA it may or may not generate a bounce,
that is a different situation altogether though and IMHO a rare one where you
do nto control both MTAs and can fix it anyway).

Bouncing virus infected email (or spam for that matter) makes absolutely NO sense.


EsisNet.com Webmail Client

More information about the MIMEDefang mailing list