On Wed, 14 Jul 2004, Gavin Aiken wrote:

> However I do have a setup question (or maybe a feature request) - is it
> possible to have the milter only bounce some messages, based on what virus
> or worm is found in the attachment? For example, I receive a number of
> emails every day with the SomeFool, LovGate and Bagle worms - these all use
> forged 'from' addresses so bouncing the message back is usually not useful
> at all (and clogs up the mail server). In fact I have had a number of emails
> from people asking about the email they have supposedly sent me, which are
> tedious to explain if people don't know about spoofing. However, on the
> other hand, if someone I know sends me a Word document with a macro virus, I
> definitely want my mail server to bounce the message back to them so they
> know there's a problem, that I haven't received their email and they need to
> sort out the virus. So I don't want to stop sending some bounces.
>
> So, what would be great would be a feature in the milter where we could only
> send bounces out to certain worms or viruses, and not bother with the ones
> that are known to spoof From addresses. What does everyone think? Or has
> anyone already come up with a way to do that, that they would like to share?

The way you do that is by rejecting messages at SMTP time, rather than
accepting them and then bouncing them.  If the message was coming from a
virus-infested Windows box, the virus won't know how to deal with the
rejection, so no bounce will be generated.  If, on the other hand, it
was a legitimate message with an accidental virus attachment, then it
will be coming from a legitimate mailserver, and that mailserver will
send a bounce to the sender.  It's a win-win situation.

The catch, of course, is if a virus goes through a relay before coming
to you, then the relay will generate the bounce.  But I see that as the
fault of the relay (for accepting/forwarding virus-infected mails) and
not the fault of the machine running clamav.

Damian Menscher
-- 
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
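
The reasoning in the reply above, carried through as an added example (not part of the original message and not ClamAV code): a small model of who receives a bounce under accept-then-bounce versus reject-at-SMTP-time, for the three delivery paths the thread mentions. The scanner stand-in, the marker string, the addresses and all function names are constructed for the illustration.

```python
# Added illustration: a model of who ends up receiving a bounce (DSN).
# All names, addresses and the "signature" below are constructed.
from dataclasses import dataclass

@dataclass
class Sender:
    kind: str           # "worm" (own SMTP engine) or "mta" (real mail server)
    envelope_from: str  # MAIL FROM value; forged when a worm chose it

def scan(body: bytes) -> bool:
    """Stand-in for the virus scanner: flags a constructed marker string."""
    return b"CONSTRUCTED-TEST-SIGNATURE" in body

def receive(sender: Sender, body: bytes, policy: str) -> list:
    """Return the addresses that get a bounce for one delivery attempt.

    policy "bounce": answer 250 after DATA, then mail a DSN ourselves.
    policy "reject": answer 5xx after DATA and never own the message.
    """
    if not scan(body):
        return []                       # clean mail is delivered, no DSN
    if policy == "bounce":
        return [sender.envelope_from]   # we mail whoever MAIL FROM named
    # policy == "reject": the connecting client still owns the message.
    if sender.kind == "mta":
        return [sender.envelope_from]   # a real MTA turns the 5xx into a DSN
    return []                           # a worm's SMTP engine just gives up

INFECTED = b"Subject: hi\r\n\r\nCONSTRUCTED-TEST-SIGNATURE"
CASES = {
    "worm, direct":   Sender("worm", "forged-victim@example.org"),
    "friend's MTA":   Sender("mta", "friend@example.net"),
    # The relay accepted the worm's mail, so we see an MTA with a forged sender.
    "worm via relay": Sender("mta", "forged-victim@example.org"),
}

def compare() -> dict:
    """Bounce recipients per delivery path under both policies."""
    return {name: {p: receive(s, INFECTED, p) for p in ("bounce", "reject")}
            for name, s in CASES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:15} {result}")
```

With rejection at SMTP time only the relayed case still produces mail to the forged address, and that DSN is generated by the relay rather than by the scanning host.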

