[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Wed Jun 29 15:37:09 EDT 2005
Sven wrote:
> The only problem with 554 is in cases (like ours) where the AV machine
> is not the MX server, i.e. the MX (inbound) gateway does user and rbl
> checks then passes the email to the av scanner. A 554 on the av
> scanner would then cause the MX machine to try and bounce the email
> which then creates all the double-bounces and extraneous traffic.
> Ergo, our avscanners simply drop virus-laden emails.
This is a valid point. We used to run this way. I considered it a flaw in our network. I went to a great deal of trouble to make sure that our MX servers did their own virus-scanning so I wouldn't have to choose between the three evils of:
* Send "your message to RECIPIENT was discarded as a virus" to the purported sender
* Send "A message to you from SENDER was discarded as a virus" to the recipient
* Silently discard
There are still some bounce messages we send - over quota, out of office - but it's much better than it was.
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
More information about the MIMEDefang
mailing list