[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Les Mikesell
les at futuresource.com
Thu Jun 30 14:19:42 EDT 2005
On Thu, 2005-06-30 at 12:58, Matthew.van.Eerde at hbinc.com wrote:
> Les wrote:
> >
> > I'm asking about your direction. If you've accepted a message from
> > some user, queued it, then your attempt to deliver is rejected and
> > you construct a bounce (suppose the next server's virus scanner is
> > better than your own...), how do you ensure that the bounce you
> > send goes to your user's mailbox, not some forged address?
>
> Ooh, good question! I didn't consider this possibility, but it's very legitimate.
>
> I've got responsibility for delivering an email, and I've been informed that it's a virus... what do I do...
You've received a 5xx error from the 'next' MTA, the text of which is
irrelevant. The point is that this is exactly the position of the MTA's
with virus scanners worse than your own when you reject their
transmission. They have no choice but to construct a bounce, and
no way to ensure that the sender address was not forged. Spammers are
already taking advantage of this to deliver to places that would
otherwise reject the content or sending address and viruses most
likely do too.
--
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list