[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Matthew.van.Eerde at hbinc.com
Thu Jun 30 13:26:32 EDT 2005


Chris Gauch wrote:
> No matter how you slice it, you are adding "risk" by perpetuating the
> existence of a virus when you reject at the SMTP level.

I see your point...

I do have two more things to say though.

1. I do plenty of rejections before DATA time.  For example, I reject invalid addresses at RCPT time, before I have a chance to scan for viruses.  Isn't this also bad under your standards?  It also results in viruses-wrapped-in-NDRs being delivered to innocent bystanders.  Are you suggesting I should defer all rejections until after I've scanned the data?

2. Imagine a USPS mail counter.  Someone walks up to the counter with a 5lb package that has wires sticking out of it, smells of gasoline, and is ticking.  The package has plenty of postage and the return address is the White House.  (This USPS mail counter is not in the same ZIP code as the White House.)

What is the mail clerk to do?

He could take the package and turn it over to the bomb squad, who will blow it up. (action_discard)

Or he could say "I'm sorry, sir, we can't deliver this package for you."

If he takes the first action, it's entirely possible that the package was Jenna Bush's science project (not likely... just, "possible") and that the USPS clerk will be fired shortly.

If he takes the second action, the customer could walk across the street to Bob's Overnight Delivery Service, who doesn't have such a strict package policy.

As a sub-case of this, Bob might find that the addressee does not exist, and so attempt to return it... to the White House, naturally.  (Bob's in for a bit of a shock if he does.)

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"



