[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Les Mikesell les at futuresource.com
Thu Jun 30 15:16:53 EDT 2005


On Thu, 2005-06-30 at 13:29, Matthew.van.Eerde at hbinc.com wrote:
> Chris Gauch wrote:
> > 
> > I missed this one...now you're actually doing a discard and notifying
> > the sender.  But...the sender could be forged, so now I have to deal
> > with a call from Jane Schmoe asking why she received the rejection
> > (raising my blood pressure and making my blood boil in fury that I
> > have to take yet another call from an innocent user posing this same,
> > broken record question -- if I received a dime every time I heard it,
> > I wouldn't be here, that's for sure!).
> 
> That's the price you pay for accepting the virus in the first place, Chris. :) Next time make sure to keep your gateway AV as up-to-date as the next-hop machine's.

You don't seem to understand that the people who receive these bounces
and notifications have nothing to do with the problem or the forwarders
causing them, and in the case of notifications that have the virus
removed, their own scanner can't even stop it.  The scenario is that
you send an email to some Windows user or he adds your address to his
contact list.  Later that machine contracts a virus.  I've been involved
in two separate incidents where the virus spread several days before
any scanner recognized it, so please don't respond that virus protection
will always prevent infections.  Even if it did, this is some unrelated
user that just happens to have your address in his old email or contact
list where the virus can find it.  Now this machine starts sending email
with all permutations of To: and From: addresses that it can find, using
the Outlook API or the SMTP relay it finds configured.  Next step is
that every To: that does a rejection that causes a bounce to the
forged From: that can happen to be you drops in your mailbox.  Or worse,
it can be a user that you support that will call you up and ask how to
get rid of the virus that really has nothing to do with their machine. 

-- 
   Les Mikesell
    les at futuresource.com




