At 03:26 PM 2/16/2003 +0000, Dr Andrew C Aitchison wrote:
>On Sun, 16 Feb 2003, Asbjørn Høiland Aarrestad wrote:
>
> > I don't really know what do to with viruses recieved and detected by
> > exiscan.... Should I just reject the mail? or should i save it to
> > /dev/null to make sure nobody else gets it..... ? Any ideas from you guy's
> > on the list?
>
>With exiscan and Exim version 4, I would stick with the default
>which is to reject at SMTP time, so it is the sending hosts problem.
>
>Bouncing viruses isn't sensible since many of them use forged from
>addresses.
I have seen that issuing a REJECT or a 5xx to virii is a problem, since at
least some of the direct to MX virii have this habit of hammering nonstop
at your server at several hundred times a minute (or more) if they get a
reject. I remember one time when someone behind multiple T1 lines got a
virus started hammering a box I admined, which was on a tiny little 64k line.
Accepting the mail and trashing it is a quite good way to go, in this case.
srs