[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Matthew.van.Eerde at hbinc.com
Thu Jun 30 12:51:19 EDT 2005


Kelson wrote:
> WBrown at e1b.org wrote:
>> My address would have to be forged by a virus that uses a relay, and
>> most of the current viruses are direct to MX with their own SMTP
>> engines.  In these cases this is moot.  The message just dies with
>> 550. 
> 
> Expect this to change as more ISPs start filtering outgoing SMTP
> connections.  All a virus (or spam zombie) has to do is extract the
> settings from the user's mail config and send via the ISP's relay.
> 
> Depending on how the app stores the password, it may even be possible
> to use SMTP AUTH.

Actually, this is a Good Thing (TM).

Why?  Because then it becomes very easy to track down virus infections.  We can just call the ISP, say "Your customer Jane Vera is infected", and they disable the customer account.

The customer calls to complain that they're unable to use their email, and the tech support walks them through a virus scan.  And a password change.

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"



