Michael wrote:
But you do not know the sender. You only know an address that the
virus presents as the sender address. And you trust the virus...
OK, I see you must have experience. Are there really so many virus senders who specify a fake but REALLY EXISTING mail address?

I infer that you've never had one of your users or domains be used as a forged sender address? (You'd know the answer is "yes", if you had. :-)

Anyway, amavisd-new lists a dozen or so examples:

# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax.
#
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
);

...and there will be more to come, no doubt. I still see Nimda, Klez, and Sobig wandering by in the ~5 viral emails average per day that make it through other filtering like postgrey's greylisting.

--
-Chuck
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
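
Added example, not part of the original message and not amavisd-new's own code: a Python check that runs the patterns from the quoted $viruses_that_fake_sender_re list over scanner-reported virus names and decides whether a sender notification should go out. The function names and the sample virus names are assumptions constructed for illustration.

```python
import re

# Patterns copied from the $viruses_that_fake_sender_re list quoted above;
# Perl's qr'...'i becomes re.compile(..., re.IGNORECASE).
FAKE_SENDER_PATTERNS = [
    re.compile(r"nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar",
               re.IGNORECASE),
    re.compile(r"tanatos|lentin|bridex|mimail|trojan\.dropper", re.IGNORECASE),
]


def fakes_sender(virus_name):
    """True if the scanner-reported name matches any pattern in the list."""
    return any(p.search(virus_name) for p in FAKE_SENDER_PATTERNS)


def should_notify_sender(virus_names):
    """Hypothetical policy helper: a notification to the envelope sender is
    acceptable only if something was detected and no detected virus is known
    to forge the sender address."""
    if not virus_names:
        return False
    return not any(fakes_sender(name) for name in virus_names)


def unmatched(virus_names):
    """Names that slipped past the list; review these when tuning patterns."""
    return [n for n in virus_names if not fakes_sender(n)]


# Constructed sample names in several vendor-like styles (not real scan output).
SAMPLES = [
    ["Worm.Klez.H"],                            # matches 'klez'
    ["W32/Sobig.F@mm"],                         # matches 'sobig' despite prefix
    ["Eicar-Test-Signature"],                   # no match: notification allowed
    ["Eicar-Test-Signature", "Worm.Mimail.A"],  # one forger suppresses it
    ["Trojan.Dropper.Gen"],                     # matches 'trojan\.dropper'
    ["Trojan-Dropper.Win32.Agent"],             # hyphen: literal '\.' misses it
]

if __name__ == "__main__":
    for names in SAMPLES:
        verdict = "notify" if should_notify_sender(names) else "suppress"
        print(f"{verdict:8} {names}  unmatched={unmatched(names)}")
```

The last sample shows why the config comment warns that virus names are not standardized: a scanner that writes "Trojan-Dropper" is not covered by the pattern trojan\.dropper until the list is adjusted.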
