[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Chris Gauch cgauch at digicon.net
Thu Jun 30 16:25:21 EDT 2005

Matthew.van.Erde wrote:
> My call...
> IF I'M THE OWNER OF THE infected.cableuser.example COMPUTER:
> I will install SMTP-aware virus-scanning desktop software such as AVG.  I
> will configure my MUA to use the cableuser.example mail server for SMTP.
> (POP3 is another matter.)

Well I certainly hope it's not AVG.  AVG is simply atrocious.  Microsoft
Paint could detect a virus more reliably than AVG... (sorry; opinionated, I

> IF I'M THE ADMIN OF THE mta.forwarder.example SERVER:
> I will scan all incoming email for viruses.
> If mta.end.example rejects, I will attempt to send a bounce message
> containing only some information... basically, the relevant headers.

I wish this was always the case, but it's simply not.  Your choice to do
this is a wise one, however.  Too bad MTAs don't remove viruses from the
NDN, at least not without some modification to their standard policies.

> IF I'M THE ADMIN OF THE mta.end.example SERVER:
> I will reject detected viruses, and I won't lose any sleep over
> angel at innocent-bystander.example's infection.  If innocent-
> bystander.example yells at me, I'll tell them to check their headers and
> go yell at mta.forwarder.example.

Ha -- this was why I was on your side a year ago (believe me, until a few
months ago I ALWAYS rejected viruses, but I've seen the light and dark
sides, and my decision to discard was a careful but "best for the greatest
number" decision). I've been quite weathered since I actually had to say the
response above to clients thousands of times and NONE of the clients
accepted that response, nor did they really fully understand it.  This is
just the reality of the situation.  If your client is technical, ok, he/she
may be ok with the response, but I can assure you that the response you gave
above DOES NOT WORK in reality (no matter how correct it may or may not be).
The client knows that the rejection somehow came from your server, and the
rejection contained a virus that infected their PC, the buck stops there --
end of the road.  That's all that matters to the client.    

> IF I'M THE ADMIN OF THE innocent-bystander.example NETWORK:
> I'll either install adequate virus protection or outsource the email
> server.  Worst-case, users can sign up with freemail accounts and use
> those.

Losing clients to free mail service is not a good solution for any ISP
trying to make it these days.  You also have gone out on a limb assuming
that innocent-bystander.example NETWORK has an admin... 

- Chris

