On Wed, 30 Nov 2005, Tony Finch wrote: > On Tue, 29 Nov 2005, David Saez Padros wrote: > > > > The main problem is that most virus warnings don't use a null > > envelope sender. > > They are best handled in the traditional SpamAssassin manner, by > matching patterns in the message subject and body.
For many of them, this is indeed good advice. Some of them also use tell-tale envelope-sender addresses, which can be blocked (I even set up a specific rejection report for them, so - instead of the regular 5xx "your envelope sender address is locally blacklisted" - they get a specific "...blocked for sending bogus virus reports". Not that I'd expect them to have the wit to read these, but you never know - it might just stir half a neuron somewhere. If more of us did it, maybe the message would finally get through? Although we were lectured by a German site that their legislation mandated them to create such nuisance reports (which I hope is a misinterpretation of their law?). At least, we are not mandated to accept them! (except they are addressed to our postmaster/abuse address). Localparts like "antivirus", "Symantec_AntiVirus_for_SMTP_Gateways", "virusalert", "avadmin", "mailsweeper", "virus-protection", "viruschecker", even (I'm sorry to say) "clamav", feature in our list (case-insensitive match throughout). (Clarification: we don't block on the localpart alone - only on the complete addresses, but I'm not listing their actual domains here). > They have almost no useful information from the original message and > serve only as advertisements for the vendors' products (ads of the > kind that make the discerning viewer say "I wouldn't use that if you > paid me"). Well put, indeed! -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
