On Mon, Sep 20, 2004 at 04:26:40PM -0700, [EMAIL PROTECTED] wrote:
> It is perfectly acceptable to place an explanatory message in an SMTP
> REJECT message.

Acceptable, maybe, but I believe it's better to simply discard all
viruses.

Why? Since all you achieve with rejects is indirectly causing a lot of
"virus bounces" to appear at innocent bystanders.

If the virus delivers the email directly to your scanner - it doesn't
matter what return code you give.

However, if the remote end is a real mailserver, either because the
virus is programmed to send via the default outgoing smtp server, or
because someone .forwards all mail to you, or maybe because there's
a lower preference MX for some domain, or maybe even because some
viruses abuse any listening port 25 that's willing, and one of those
smarthosts to your server, then you will cause that other mail server to
send a bounce to the wrong person.

And even in case the virus does _not_ fake the sender address, then
a 5xx return code will land a bounce in the mailbox of someone who
is ignorant enough to get infected by a virus. Probably someone who
deleted JDBGMGR.EXE a few months ago, and was then told by the sysadmin
to NEVER trust any email again saying "you have a virus". Or in other
words, a person who is guaranteed to not understand any message a
MAILER-DAEMON sends them.

In short, I do not see any merit in letting the sender of a virus
know that they sent a virus. If you really want to do something,
contact the abuse contact/postmaster of the site sending the viruses,
in a nice daily or weekly summary. But there's no automated software
for doing that, and doing it by hand is really difficult and a lot
of work.

However, there's also the issue of false positives, but I've always
assumed they are practically negligible. What I'd really like is
to report viruses at SMTP level like this:

>>> DATA
<<< 354 continue
>>> [virus laden email]
>>> .
<<< 250 OK, your $virus infected email was DISCARDED.

But unfortunately, you cannot change the "success" reply with milter :(

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet
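
Added example, not part of the original message: a small Python model of the argument above, showing who ends up with a bounce for each combination of sending client (the virus's own SMTP engine or a real mail server) and scanner policy (5xx reject or 250 plus discard). The hop kinds, addresses and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    envelope_from: str  # MAIL FROM seen by the scanner (usually forged by the virus)
    true_origin: str    # mailbox of the infected user who actually sent it

def bounce_target(msg, last_hop, policy):
    """Return the address that receives a bounce, or None if nobody does.

    last_hop: the SMTP client talking to the scanner: "virus" (the virus's own
              SMTP engine) or "mta" (a real mail server: smarthost, forwarder,
              lower-preference MX).
    policy:   "reject" (5xx reply) or "discard" (250 reply, message dropped).
    """
    if last_hop not in ("virus", "mta") or policy not in ("reject", "discard"):
        raise ValueError("unknown hop kind or policy")
    if policy == "discard":
        return None              # client saw success, so no bounce is generated
    if last_hop == "virus":
        return None              # virus engine ignores the return code
    return msg.envelope_from     # real MTA bounces to whatever MAIL FROM said

def classify(msg, last_hop, policy):
    """Label the outcome: 'none', 'infected-user' or 'bystander'."""
    target = bounce_target(msg, last_hop, policy)
    if target is None:
        return "none"
    return "infected-user" if target == msg.true_origin else "bystander"

# Constructed sample messages (addresses are placeholders).
FORGED = Message("bystander@example.org", "infected@example.net")
HONEST = Message("infected@example.net", "infected@example.net")

def outcome_table():
    """Evaluate every sender/hop/policy combination."""
    rows = {}
    for name, msg in (("forged", FORGED), ("honest", HONEST)):
        for hop in ("virus", "mta"):
            for policy in ("reject", "discard"):
                rows[(name, hop, policy)] = classify(msg, hop, policy)
    return rows

if __name__ == "__main__":
    for key, result in outcome_table().items():
        print("%-7s via %-5s %-8s -> %s" % (key + (result,)))
```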

