On Thu, 15 Jul 2004, Gavin Aiken wrote: > The only case I'm worried about is what happens if our primary MX (which is > my box and had clamav installed) is offline for whatever reason (eg SDSL > down), and the mail gets routed via our secondary MX machines, which are at > Easynet and don't do any of this checking. When they try to deliver the mail > on to us, it will be rejected - will this cause a mail failure message to > get propagated all the way back to the reply-to address? If so then we're > good. However, so far in my tests this has been inconclusive. Anyone any > thoughts on that?
Yes, it will. It's an unfortunate result of your ISP having poor policies and not running a virus scanner of their own. Forward any complaints you get on to them. Damian > > From: [EMAIL PROTECTED] > > Reply-To: [EMAIL PROTECTED] > > Date: Wed, 14 Jul 2004 20:18:46 -0700 > > To: [EMAIL PROTECTED] > > Subject: Clamav-users digest, Vol 1 #839 - 4 msgs > > > > > >> However I do have a setup question (or maybe a feature request) - is it > >> possible to have the milter only bounce some messages, based on what virus > >> or worm is found in the attachment? For example, I receive a number of > >> emails every day with the SomeFool, LovGate and Bagle worms - these all use > >> forged 'from' addresses so bouncing the message back is usually not useful > >> at all (and clogs up the mail server). In fact I have had a number of emails > >> from people asking about the email they have supposedly sent me we are > >> tedious to explain if people don't know about spoofing. However, on the > >> other hand, if someone I know sends me a Word document with a macro virus, I > >> definitely want my mail server to bounce the message back to them so they > >> know there's a problem, that I haven't received their email and they need to > >> sort out the virus. So I don't want to stop sending some bounces. > >> > >> So, what would be great would be a feature in the milter where we could only > >> send bounces out to certain worms or viruses, and not bother with the ones > >> that are known to spoof From addresses. What does everyone think? Or has > >> anyone already come up with a way to do that, that they would like to share? > > > > The way you do that is by rejecting messages at SMTP time, rather than > > accepting them and then bouncing them. If the message was coming from a > > virus-infested windows box, the virus won't know how to deal with the > > rejection, so no bounce will be generated. If, on the other hand, it > > was a legitimate message with an accidental virus attachment, then it > > will be coming from a legitimate mailserver, and that mailserver will > > send a bounce to the sender. It's a win-win situation. > > > > The catch, of course, is if a virus goes through a relay before coming > > to you, then the relay will generate the bounce. But I see that as the > > fault of the relay (for accepting/forwarding virus-infected mails) and > > not the fault of the machine running clamav. > > > > Damian Menscher > > -- > > -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- > > -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- > > -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- > > -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- > > -=#| The above opinions are not necessarily those of my employers. |#=- > > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click > _______________________________________________ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
