[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
matt.s at aptalaska.net
Wed Jun 29 13:50:15 EDT 2005
Chris Gauch wrote:
> Well, you have to accept the message data to scan it in the first place.
Actually, you don't, you get a copy of it and can look at it before you
decide, but you don't have to accept it.
> Since I already wasted my time scanning it with the virus scanner, I might
> as well take the nanosecond involved in accepting the message and then just
> throw it out. We scan for viruses before any spam scanning is performed.
> In my opinion, the virus has to meet its doom somewhere, that way I know
> it's gone and not floating around on the net causing problems for someone
> else (perhaps being a thorn in our side again). I think it's safe to say
> that don't use too many additional resources by throwing virus-infected mail
> into the bit bucket after it has already been identified as "infected" by
> our virus scanner. ;-)
It's not an issue of processing time, or if the message should die, it's
an issue of correctly reporting what happened. While some other MTA
sending bounce notification emails may be causing a thorn in someone
else's side because you wouldn't accept the message, it's quite possible
that your policy of announcing that your 'OK' with the message then
silently dropping it could be creating plenty of thorns of their own.
I make strict policy to accept and deliver or reject regardless of
whether the message is spam, over quota, invalid user, or otherwise.
This cut and dry rule is easy for my customers to understand. Either we
accepted the message and it's in your inbox, or we rejected the message
in which case the sender will be notified of the problem by their relay.
There is no possibility for lost email because nothing is ever dropped.
More information about the MIMEDefang