[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

[Matthew.van.Eerde at hbinc.com]

Les Mikesell wrote:
> On Wed, 2005-06-29 at 08:59, WBrown at e1b.org wrote:
> 
>> I use reject for viruses.
> 
> I think you'll change your mind about this the day some virus spews
> thousands of emails with *your* address forged as the sender through
> a relay that doesn't block it,

If this happened to me I'd be in touch with the admin of the offending relay.  I would strongly consider blocking all connections from the relay until they stopped spewing viruses.

> Your smtp rejection forces the sending relay to construct a bounce
> message which is almost certain to be to a forged return address

At least those CPU cycles won't be spent sending viruses!

It's true that I'm causing bounce messages to be sent that wouldn't otherwise be sent.  But the sending relay has the obligation to ensure that all mail sent through it is authorized to be sent through it.  When they authorize viral mail, they made a mistake.  That authorization also includes responsibility to send bounce messages - although, theoretically, I can save them that onerous task via action_discard(), I'm not inclined to stick my neck out for them.

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"