> > 1. I am an infected Windows PC. I use SMTP to send the virus to my > default SMTP gateway, it rejects the message (due to virus) > at the SMTP > layer. The virus doesn't report that SMTP error to the end user - so > they are unaware they are infected. >
How many viruses send mail via the SMTP gateway defined in your mail client - nearly 0. > 2. I am an infected Windows PC. I use SMTP to send the virus to my > default SMTP gateway, it doesn't do virus scanning so it just > passes it > on to the next SMTP gateway. Eventually it meets a gateway > that rejects > the message at the SMTP layer. The SMTP failure generates a > bounce that > goes to the "MAIL FROM" address - which isn't the infected user - so > they are unaware they are infected. > Ditto... > 3. I am an infected Windows PC. I use SMTP to send the virus to my > default SMTP gateway, it doesn't do virus scanning so it just > passes it > on to the next SMTP gateway. Eventually it meets > Qmail-Scanner (set to > send alerts always) that accepts the message, scans it and > then sends an > alert that goes to the "MAIL FROM" address - which isn't the infected > user - so they are unaware they are infected (i.e identical to "2." > except it has a much better error message). > Ditto... > 4. I am an infected Windows PC. I use SMTP to send the virus to my > default SMTP gateway, it doesn't do virus scanning so it just > passes it > on to the next SMTP gateway. Eventually it meets > Qmail-Scanner (set to > default of not notifying sender) that accepts the message, > scans it and > then exits. Real sender still unaware they are infected. > > Ditto... A majority of all viruses carry their own SMTP engine... At least every major virus in the past 2 years has. They do not know or care about your mail settings. Sending a 550 to the virus smtp engine is the end of the line, whereas a notification generated to the return-path (mail from envelope) only creates more problems. So, 1) don't notify senders! 2) if you want valid senders to aleast know mail delivery failed, use an STMP error code. Nobody will bitch at you for handing a 550 to a virus infected email... I guarantee it! Dallas ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
