[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Les Mikesell les at futuresource.com
Wed Jun 29 13:34:39 EDT 2005


On Wed, 2005-06-29 at 08:59, WBrown at e1b.org wrote:

> I use reject for viruses.  If it is a virus with its own SMTP engine, it 
> just pretty much dies.  If it is sent through a relay, an uses a forged 
> sender, the problem is the fault of the relay owner for having a borked-up 
> configuration.. If relays through using the real users name, it will 
> bounce back to the person infected.

I think you'll change your mind about this the day some virus spews
thousands of emails with *your* address forged as the sender through
a relay that doesn't block it, a very likely event if you've sent
email to a lot of people.  Your smtp rejection forces the sending
relay to construct a bounce message which is almost certain to be
to a forged return address - I don't think any viruses in the past
several years have sent with the real user name.  When it's your return
address involved, you might wish everyone just dropped viruses quietly.

-- 
  Les Mikesell
    les at futuresource.com





More information about the MIMEDefang mailing list