[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Chris Gauch
cgauch at digicon.net
Wed Jun 29 18:35:21 EDT 2005

Les Mikesell wrote:
> If the thing sending is a standards-conforming MTA, your refusal
> obligates it to construct a bounce back to what it thinks is the
> sender. In the case of viruses, this will always be incorrect so you
> are likely swamping some innocent party's mailbox with bounces.

This is probably the best argument FOR silently discarding viruses. Any
standards-conforming MTA will send a "delivery failure" message back to the
alleged sender (undoubtedly forged in the header of the message generated by
the virus), so by rejecting a virus you actually perpetuate the problem,
keeping the virus at large and inevitably bouncing to some legitimate
recipient. The recipient may, in turn, ignorantly open the attachment
encapsulated in the bounce and infect his/her own PC; so I guess the creator
of that virus accomplished the mission anyway (it wound up in someone's
inbox, and that's all that matters).

Just look at what SOBER did for almost 2 weeks (about 1 month ago). If
everyone had been silently discarding messages infected by SOBER at their
gateways, the virus would've had a much smaller impact on home users and
small to medium businesses. There were times where we were discarding over
200,000 virus-infected messages per day; virtually ALL of those discards
were from BOUNCES that had encapsulated the virus in the bounce message.

- Chris
------------------------------------------
Chris Gauch
Systems Administrator
Digicon Communications, Inc.
http://www.digiconcommunications.com
cgauch at digicon.net
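
One way a gateway operator could measure the effect described in the message above, that is, how many flagged messages are bounces returning an attachment rather than direct submissions. This is an added example, not part of the original post or of MIMEDefang; the function names, the extension list and the sample bounce are constructed, and the extension check stands in for a virus scanner's verdict.

```python
import email
from collections import Counter
# Illustrative list (assumption); a real gateway would use the scanner's verdict.
RISKY_EXT = (".zip", ".exe", ".pif", ".scr", ".com", ".bat")
# Constructed, abbreviated bounce (text and delivery-status parts omitted).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

From: forged-sender@example.org
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/zip; name="account.zip"

UEsDBA==
--b2--
--b1--
"""

def is_dsn(msg):
    """RFC 3464 bounce: multipart/report with report-type=delivery-status."""
    rtype = msg.get_param("report-type") or ""
    return msg.get_content_type() == "multipart/report" and rtype.lower() == "delivery-status"

def returned_attachments(msg):
    """Risky attachment names inside the original message that a bounce returns."""
    names = set()
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822" and part.is_multipart():
            for inner in part.get_payload(0).walk():
                name = inner.get_filename()
                if name and name.lower().endswith(RISKY_EXT):
                    names.add(name)
    return sorted(names)

def classify(raw):
    """Label one message: 'direct', 'bounce', or 'bounce-with-attachment'."""
    msg = email.message_from_string(raw)
    if not is_dsn(msg):
        return "direct"
    return "bounce-with-attachment" if returned_attachments(msg) else "bounce"

def tally(raws):
    """Count labels over a batch, e.g. one day's discarded messages."""
    return Counter(classify(r) for r in raws)
```

Bounces that do not use the multipart/report format are counted as "direct" here, so the tally is a lower bound on returned attachments.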