[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

[Matthew.van.Eerde at hbinc.com]

Les Mikesell wrote:
> On Wed, 2005-06-29 at 12:18, James Ebright wrote:
>> On Wed, 29 Jun 2005 12:52:22 -0400, Chris Gauch wrote
>>> I just think virus-infected email belongs in /dev/null
>> 
>> Yeah, but why accept it and send it to your bit-bucket in the first
>> place when you can simply refuse to accept it? ;-)
> 
> If the thing sending is a standards-conforming MTA, your refusal
> obligates it to construct a bounce back to what it thinks is the
> sender.  In the case of viruses, this will always be incorrect so
> you are likely swamping some innocent party's mailbox with bounces.

I have three problems with this argument.

Maybe the thing isn't a virus at all.  In which case the sender has a right to expect notification that their message didn't go through.

Even if it is... *I* am not swamping some innocent party's mailbox.  Somebody else is.  And that same thing is sending viruses, too.  Which is worse?  If enough people get swamped, someone related might trace the bounce notifications back to the source, and fix the infection.  Or fix the relay.  Either way, this is a good thing.

Finally... the standards-confirming MTA thing is a big assumption.  If the thing is really a virus, it's going to concentrate on sending itself, rather than following up with bounce notifications.

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"