[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Richard Laager rlaager at wiktel.com
Wed Jun 29 09:47:03 EDT 2005


On Tue, 2005-06-28 at 14:24 -0400, Matt Cuttitta wrote:
> It appears that ClamAV's virus database attempts to classify malware by
> prefixing the virus name.  However, many of the viruses don't have
> prefixes and others are prefixed by W32 and other things.  Does anyone
> handle different viruses differently?  i.e. discard worms and trojans, but
> strip Word viruses?

I believe, and have implemented this policy: All viruses should be
silently dropped, no exceptions. Bouncing or notifying just increases
the amount of noise your users and other people have to deal with.

We also have some automated abuse handling code that will notify our
customers if they're sending viruses. That way, they can clean up their
zombie machine or we'll (temporarily) disconnect them. I exclude
Encrypted.Zip and Joke.* from triggering this process.

-- 
Richard Laager <rlaager at wiktel.com>
Wikstrom Telecom Internet
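The policy described in this reply, written out as a stand-alone Perl sketch. It is an added example, not code from the post or from MIMEDefang. The function names, the `sender_is_customer` flag and the sample signature names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Signature names that must not trigger abuse handling (the two named in the post).
my @ABUSE_EXEMPT = (qr/^Encrypted\.Zip$/, qr/^Joke\./);

# Prefix = text before the first dot. Many ClamAV names have no prefix at all,
# so callers must not rely on one being present.
sub name_prefix {
    my ($name) = @_;
    return $name =~ /^([^.]+)\./ ? $1 : '(none)';
}

# Every infected message is discarded silently, whatever its prefix.
# The customer notification fires only when the sender is a customer
# (hypothetical flag) and the signature is not on the exempt list.
sub decide {
    my ($name, $sender_is_customer) = @_;
    my $exempt = grep { $name =~ $_ } @ABUSE_EXEMPT;
    return {
        prefix          => name_prefix($name),
        mail_action     => 'discard',
        notify_customer => ($sender_is_customer && !$exempt) ? 1 : 0,
    };
}

# Constructed sample input: [signature name, sender is a customer?]
my @samples = (
    ['Worm.Sober.P',         1],
    ['W97M.Melissa',         1],
    ['Joke.Stressreducer',   1],   # exempt: Joke.*
    ['Encrypted.Zip',        1],   # exempt: exact match
    ['Encrypted.Zipper',     1],   # not exempt: only the exact name is excluded
    ['Eicar-Test-Signature', 1],   # no prefix, still discarded and reported
    ['Trojan.Downloader',    0],   # outside sender: discard, nobody to notify
);

for my $s (@samples) {
    my $d = decide(@$s);
    printf "%-22s prefix=%-9s mail=%s notify=%d\n",
        $s->[0], @{$d}{qw(prefix mail_action notify_customer)};
}
```

In a MIMEDefang filter the signature name would come from `$VirusName` after the scanner call, and the discard itself would be `action_discard()`.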



