|The the DATA command is over most of the damage in terms of |bandwidth has |been already done. You do have the option inside your filter to reject |w/out notification and you just have to make your filters |smarter to use |such code in cases like the latest SoBig. That, BTW, could be detected |w/out falling inside the AV engine because of the predictable subjects.
The main problem is: if the message is sent using virus's own SMTP engine, then when I reject it in SMTP stage, everything is fine - the virus's SMTP is required to handle it, and most likely it will simple discard it. But when I'll accept message and then generate NDR, the innocent victim address of which was used by victim, would be spammed with the NDR's. I have no intention to write engine tailored specifically to trap some virusses. I am writng content filter, which does not care about subject or content of message, is works on content-type and attachment file names, and therefore is generic. -- Altair - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
