[67156] in North American Network Operators' Group
Re: antivirus in smtp, good or bad?
daemon@ATHENA.MIT.EDU (Adi Linden)
Tue Feb 3 14:23:48 2004
Date: Tue, 3 Feb 2004 13:14:11 -0600 (CST)
From: Adi Linden <adil@adis.on.ca>
To: Joe Maimon <jmaimon@ttec.com>
Cc: nanog@merit.edu
In-Reply-To: <401FD124.2030503@ttec.com>
Errors-To: owner-nanog-outgoing@merit.edu
> I think we have all agreed in previous threads that if a mail anti virus
> scanner does not know how to differentiate between a virus that spoofs
> the sender and one that doesnt, it should silently discard all virus
> infected email -- OR notify the local administrator/user at their
> choosing, but NOT bounce it.
Since the notion not to bounce a "you mailed a virus" message back the
sender is heard everywhere, I thought I'd mention this.... Our mail server
generates an incredible amount of bounces because of user accounts either
not existing or being over quota. The signature based virus scanner hooks
in at the local delivery, so the mail spool isn't scanned for viruses. As
a result many messages are returned intakt, including attached virus, to
the fake 'From:' address.....
The fun and games of an archaic, abused, defunct mail delivery system...
Adi
