[67184] in North American Network Operators' Group
Re: antivirus in smtp, good or bad?
daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Wed Feb 4 01:01:19 2004
Date: Wed, 04 Feb 2004 15:59:40 +1000
From: Matthew Sullivan <matthew@sorbs.net>
In-reply-to:
<Pine.LNX.4.44.0402031353530.1968-100000@server2.tcw.telecomplete.net>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Stephen J. Wilcox wrote:
>Hi,
> When investigating our mail queue it seems we have quite a lot of mails which
>are stuck in transit...
>
>What's happening is we're accepting the mail as the primary MX for the domain but
>the user has set up a forwarding to another account at another ISP, they have
>antivirus service on that other account. So we get the mail, spool it and try to
>forward it but then we get a "550 Error: Suspected W32/MyDoom@MM virus" after
>DATA and our server freezes the mail.
>
>Surely this is an incorrect way to do this as there will be lots of similar MXs
>like ours backing this mail up? They should accept the mail and then bounce it?
>
>
That's what I just wrote a patch into Postfix to do....
(http://www.isux.com/projects/ if anyone is interested, uses libclamav)
This is the only way I can see the virus laden mails should be dealt
with - you certainly cannot return it to the sender, that is _most_
annoying, causes no end of users to call the support desk about being
virus laden when they haven't actually been infected etc...
/ Mat