[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Matthew.van.Eerde at hbinc.com
Wed Jun 29 15:37:09 EDT 2005


Sven wrote:
> The only problem with 554 is in cases (like ours) where the AV machine
> is not the MX server, i.e. the MX (inbound) gateway does user and rbl
> checks then passes the email to the av scanner. A 554 on the av
> scanner would then cause the MX machine to try and bounce the email
> which then creates all the double-bounces and extraneous traffic.
> Ergo, our avscanners simply drop virus-laden emails.

This is a valid point.  We used to run this way.  I considered it a flaw in our network.  I went to a great deal of trouble to make sure that our MX servers did their own virus-scanning so I wouldn't have to choose between the three evils of:

* Send "your message to RECIPIENT was discarded as a virus" to the purported sender
* Send "A message to you from SENDER was discarded as a virus" to the recipient
* Silently discard

There are still some bounce messages we send - over quota, out of office - but it's much better than it was.

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"



