[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Les Mikesell
les at futuresource.com
Wed Jun 29 13:34:39 EDT 2005
On Wed, 2005-06-29 at 08:59, WBrown at e1b.org wrote:
> I use reject for viruses. If it is a virus with its own SMTP engine, it
> just pretty much dies. If it is sent through a relay, an uses a forged
> sender, the problem is the fault of the relay owner for having a borked-up
> configuration.. If relays through using the real users name, it will
> bounce back to the person infected.
I think you'll change your mind about this the day some virus spews
thousands of emails with *your* address forged as the sender through
a relay that doesn't block it, a very likely event if you've sent
email to a lot of people. Your smtp rejection forces the sending
relay to construct a bounce message which is almost certain to be
to a forged return address - I don't think any viruses in the past
several years have sent with the real user name. When it's your return
address involved, you might wish everyone just dropped viruses quietly.
--
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list