[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Matthew.van.Eerde at hbinc.com
Matthew.van.Eerde at hbinc.com
Thu Jun 30 13:58:44 EDT 2005
Les wrote:
>
> I'm asking about your direction. If you've accepted a message from
> some user, queued it, then your attempt to deliver is rejected and
> you construct a bounce (suppose the next server's virus scanner is
> better than your own...), how do you ensure that the bounce you
> send goes to your user's mailbox, not some forged address?
Ooh, good question! I didn't consider this possibility, but it's very legitimate.
I've got responsibility for delivering an email, and I've been informed that it's a virus... what do I do...
Especially since I have no way to be absolutely sure that it really is a virus, I'm just going on someone's word...
I'd have to say, in this case there is no choice but to create a bounce message. I wonder, though, if there's a way to do it that wouldn't include the virus?
Certainly include the reject message I got from the next-hop server. Maybe grep this for /virus/ and if found have the bounce subject be WARNING THIS EMAIL MESSAGE PROBABLY CONTAINS A VIRUS...
Another option is for me not to accept the email until I'm sure the next-hop will accept it. I could do this as an SMTP proxy... but the DATA step could slow down, which is a bad thing
Sending MTA -> GatewayMTA: DATA...
Gateway MTA -> RecipientMTA: DATA...
Gateway MTA <- RecipientMTA: 550 message contains virus
Sending MTA <- GatewayMTA: 550 message contains virus
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
More information about the MIMEDefang
mailing list