[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Matthew.van.Eerde at hbinc.com
Thu Jun 30 13:58:44 EDT 2005


Les wrote:
> 
> I'm asking about your direction. If you've accepted a message from
> some user, queued it, then your attempt to deliver is rejected and
> you construct a bounce (suppose the next server's virus scanner is
> better than your own...), how do you ensure that the bounce you
> send goes to your user's mailbox, not some forged address?

Ooh, good question!  I didn't consider this possibility, but it's very legitimate.

I've got responsibility for delivering an email, and I've been informed that it's a virus... what do I do...

Especially since I have no way to be absolutely sure that it really is a virus, I'm just going on someone's word...

I'd have to say, in this case there is no choice but to create a bounce message.  I wonder, though, if there's a way to do it that wouldn't include the virus?

Certainly include the reject message I got from the next-hop server.  Maybe grep this for /virus/ and if found have the bounce subject be WARNING THIS EMAIL MESSAGE PROBABLY CONTAINS A VIRUS...

Another option is for me not to accept the email until I'm sure the next-hop will accept it.  I could do this as an SMTP proxy... but the DATA step could slow down, which is a bad thing.

Sending MTA -> Gateway MTA: DATA...
    Gateway MTA -> Recipient MTA: DATA...
    Gateway MTA <- Recipient MTA: 550 message contains virus
Sending MTA <- Gateway MTA: 550 message contains virus

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
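
The bounce idea from the message above, as an added example that is not part of the original post or of MIMEDefang: the bounce carries the next-hop reject reply and the original headers only, never the body, and switches to the warning subject when the reply matches /virus/. The function name, the postmaster address, the fallback subject and the sample message are assumptions made for illustration.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

VIRUS_RE = re.compile(r"virus", re.IGNORECASE)  # the /virus/ check from the post


def build_bounce(original, envelope_sender, reject_reply,
                 postmaster="postmaster@gateway.example"):  # assumed address
    """Build a bounce carrying the reject reply and the original headers only."""
    if envelope_sender in ("", "<>"):
        return None  # null sender: the original was itself a bounce, send nothing
    # headersonly=True stops at the blank line; body and attachments are not copied.
    parsed = BytesParser(policy=policy.default).parsebytes(original, headersonly=True)
    header_text = "".join(f"{name}: {value}\n" for name, value in parsed.items())

    bounce = EmailMessage()
    bounce["From"] = f"Mail Delivery Subsystem <{postmaster}>"
    bounce["To"] = envelope_sender
    if VIRUS_RE.search(reject_reply):
        bounce["Subject"] = "WARNING THIS EMAIL MESSAGE PROBABLY CONTAINS A VIRUS"
    else:
        bounce["Subject"] = "Undelivered mail returned to sender"  # assumed wording
    bounce["Auto-Submitted"] = "auto-replied"  # marks the mail as machine-generated
    bounce.set_content(
        "The next-hop server refused your message with this reply:\n\n"
        f"    {reject_reply}\n\n"
        "Only the headers of your message are attached.\n")
    bounce.add_attachment(header_text, subtype="rfc822-headers",
                          filename="headers.txt")
    return bounce


# Constructed sample input, not taken from the thread.
SAMPLE = (b"From: alice@example.org\r\n"
          b"To: bob@example.net\r\n"
          b"Subject: quarterly report\r\n"
          b"\r\n"
          b"CONSTRUCTED-ATTACHMENT-PLACEHOLDER\r\n")
SAMPLE_REPLY = "550 message contains virus"

if __name__ == "__main__":
    print(build_bounce(SAMPLE, "alice@example.org", SAMPLE_REPLY))
```

The envelope sender passed in is whatever the gateway recorded at MAIL FROM; this sketch does not verify that address.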



