Jan-Pieter Cornet wrote:
But "helping" the virus by allowing it to spread to a secondary target (which most viruses now put in the "MAIL From" field), isn't good either.
I don't think you are really helping it by rejecting an email. There are pretty much two things that can happen.
1 - The sender is just some average Joe who is infected with a virus. I don't think I have seen a virus SMTP engine actually take a 5xx reject message and do the appropriate thing with it( could be wrong here.) So if I just reject the message the sender will end up blackholing it anyway. Also it is pretty much game over for the sender anyway because they are spewing garbage email everywhere anyway. Whether they are sourcing the email or bouncing it doesn't really matter, the computer is infected and needs to be fixed. 2 - The sender is actually a legitimate mail server for some company, ISP, etc. Really they should be scanning outgoing mail for viruses anyway, and maybe they are and their scanner is missing them. Assume that some employee/customer is infected and is relaying mail with bogus from addresses and I reject the message. The sending server will probably bounce that message to some poor sob somewhere. However, the sending server admins will get the complaints at which point the problem can be tracked down and ultimately fixed. There is also the possiblity that the sending server is relaying you some email with a legitimate from address and some attachment with a virus in it. At which point it is good to send a reject message because it will get back to the customer/employee who sent it and hopefully clue them off that they have a problem. In the end I see way way more bounces with servers accepting email for invalid users then I do from email rejected for virus infection. Steve _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
