[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Les Mikesell
les at futuresource.com
Thu Jun 30 13:25:15 EDT 2005
On Thu, 2005-06-30 at 10:02, Jim McCullars wrote:
> On Thu, 30 Jun 2005, Les Mikesell wrote:
>
> > You didn't answer when I asked this before so I'll try again. Viruses
> > virtually always use legitimate addresses found in the local contact
> > list or headers of received email - just not the real sender. How
> > does your system ensure that rejections by the next hop can only
> > be returned to the real sender, not a forged address?
>
> If I reject the email at our gateway, there is no "next hop".
I'm asking about your direction. If you've accepted a message from
some user, queued it, then your attempt to deliver is rejected and
you construct a bounce (suppose the next server's virus scanner is
better than your own...), how do you ensure that the bounce you
send goes to your user's mailbox, not some forged address?
--
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list