[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
sven at dmv.com
Wed Jun 29 15:03:18 EDT 2005
On Wed, 2005-06-29 at 12:45 -0400, James Ebright wrote:
> Rejecting the infected message to the MTA is not the same as bouncing it, you
> got all that blow-back from bounces (or your own users were infected and
> sending it out... more likely bounces).
> Rejecting the message tells the sending MTA that you never accepeted it during
> the conversation (ala 5XX return code), never creating a "bounced" message
> from your end.. ala no additional traffic on your end.
The only problem with 554 is in cases (like ours) where the AV machine
is not the MX server, i.e. the MX (inbound) gateway does user and rbl
checks then passes the email to the av scanner. A 554 on the av scanner
would then cause the MX machine to try and bounce the email which then
creates all the double-bounces and extraneous traffic. Ergo, our
avscanners simply drop virus-laden emails.
More information about the MIMEDefang