----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 13, 2004 7:16 AM Subject: Re: [Mimedefang] Need help with virus notifications
> [EMAIL PROTECTED] wrote on 12/10/2004 09:54:47 > PM: > > > As a matter of policy, I reject (550 SMTP reject) any virus infected or > > bad_filename emails. if there's a legitimate user at the other end, > > they'll get notification of the failure. if there isn't, the noise > > should be minimal. Take the time to identify whether the message is a mass-mailer that falsifies the sender's address. This is simple to do, and it avoids attacking an innocent (remember, the bounce might include the infected attachment ... and the bounce is going to the one person in the world who DID NOT send the virus in the first place). The exact strings to look for in the virus name vary somewhat by vendor, but I use: return action_discard if ( $VirusName =~ /(^Worm\.|[EMAIL PROTECTED]|^HTML\.)/i ); @MM means "Mass Mailer" in McAfee and Symantec engines. Worm. means the same thing with ClamAV HTML. means a Phishing message with ClamAV If the virus doesn't match one of those strings, then you can action_bounce(...) without being "part of the problem" like many of the commercial A/V e-mail scanners. Chris Myers Networks By Design _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
