[clug] Procmail rule to match all this virus email?

Marek Samoc mjs111 at rsphy1.anu.edu.au
Thu Jan 29 00:00:18 GMT 2004


On Thu, 29 Jan 2004, Matthew Hawkins wrote:
...
MH>
MH> Michael Still said:
MH> > PS: What were the virus scanner people thinking when they wrote the code to
MH> > send me a warning of infection? I have as many of these as I do the virus,
MH> > and I'm _not_infected_!
MH>
MH> The problem is that they send it to the (forged) address listed in the
MH> From header rather than the SMTP envelope sender.  A warning of
MH> possible infection is (usually) a good thing, though of course you
MH> could argue that end users don't need to know, the message should go
MH> to postmaster instead.  I don't think it's that black and white though
MH> in reality.

Both addresses are worthless for bounces. In most cases the infected
e-mail is sent directly from a PC that does not listen on the SMTP port,
so there is no way to bounce the message to the originator once the
original SMTP transaction is finished. The real e-mail address of the
owner of the PC does not enter the picture at all.
The only logical way of bouncing a virus-infected message is to do it
during message collection, but this would require scanning the message on
the fly.



MH>
MH> What we need to do is educate the people who wrote these antivirus solutions
MH> to fix their broken implementations.

It is mostly a question of reconfiguring them out of the default
configuration (e.g. amavis).


Marek
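
Added example, not part of the original post: a toy SMTP receiver contrasting rejection during message collection with accept-then-warn, which mails the forged From address. The names `receive`, `scan`, `MARKER`, the hostnames and the session are constructed for illustration; dot-stuffing and multi-message sessions are not handled.

```python
import email

MARKER = "X-CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a scanner signature

def scan(message: str) -> bool:
    """Toy on-the-fly scanner: flags only the constructed marker."""
    return MARKER in message

def receive(lines, reject_in_session):
    """Minimal SMTP receiver for one message; returns (replies, outbound)."""
    replies, outbound = ["220 mx.example ESMTP"], []
    in_data, data = False, []
    for line in lines:
        if in_data and line != ".":
            data.append(line)
        elif in_data:
            in_data = False
            message = "\n".join(data)
            if not scan(message):
                replies.append("250 2.0.0 queued")
            elif reject_in_session:
                # The sending host is still connected: refuse, send nothing.
                replies.append("550 5.7.1 rejected: virus detected")
            else:
                # Accept, then warn the (forged) From header address.
                replies.append("250 2.0.0 queued")
                victim = email.message_from_string(message)["From"]
                outbound.append((victim, "virus warning"))
        elif line.upper() == "DATA":
            in_data = True
            replies.append("354 end data with <CRLF>.<CRLF>")
        else:
            replies.append("250 ok")  # HELO / MAIL FROM / RCPT TO
    return replies, outbound

# Constructed session: envelope sender and From header are both forged.
SESSION = [
    "HELO infected-pc.example",
    "MAIL FROM:<forged@example.net>",
    "RCPT TO:<user@example.org>",
    "DATA",
    "From: bystander@example.com",
    "Subject: hi",
    "",
    "attachment " + MARKER,
    ".",
]
```

With `reject_in_session=True` the refusal is delivered to the connected host and nothing is queued; with `False` the receiver generates a warning to an address that never sent the message.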


