Hi Calum, on Wed, 11 Feb 2004 18:42:10 +0000 you wrote:
> I note that the current exiscan docs have as an example:
>   deny message = This message contains malware ($malware_name)
>        demime = *
>        malware = *
> which will of course cause a virus warning bounce back to the forged
> sender.
Actually, no, it doesn't. It won't generate anything except a 5xx SMTP
return code. This has been covered many times in the archives, so I won't
go over it in detail but basically in many/most cases the sender will be a
virus's own SMTP engine, which won't of course generate a bounce, hence
the virus will disappear into the ether. If the remote end is a "real"
mail server then yes, *it* will normally generate a bounce, but there's
nothing I can do about that short of making my mail system unreliable.
> Since many of us use exiscan, and are likely to follow its
> documentation, perhaps someone should ask Duncan
Tom :)
> Are you suggesting that the ACL action should be an accept/freeze,
> rather than a deny?
No. Although that is of course an option.
> Would there be an easy way to drop the message on the floor, as opposed
> to freezing it, after accepting it,
You could accept it, perhaps setting a warning header on the way, and then
devnull it?
Tim
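
The two approaches discussed in this thread, sketched as Exim 4 configuration fragments with exiscan. This is an added example, not part of the original message or the exiscan documentation; the header name X-Local-Malware and the router name malware_blackhole are assumptions made for illustration.

```exim
# --- DATA ACL (the ACL named by acl_smtp_data) ---

# Variant A, from the quoted exiscan docs: reject during the SMTP
# transaction. The local host only returns a 5xx to the connected
# client and never generates a bounce itself. Any bounce is created
# by the sending side, and only if that side is a real MTA.
deny  message = This message contains malware ($malware_name)
      demime  = *
      malware = *

# Variant B, the accept-then-discard idea: use this INSTEAD of the
# deny above. The message is accepted with a 2xx and tagged with a
# warning header (header name is hypothetical) for the router below.
warn  message = X-Local-Malware: $malware_name
      demime  = *
      malware = *

accept

# --- Routers section: place before any router that delivers mail ---

# Drop tagged messages silently. No 5xx is issued and no bounce is
# produced by anyone, because the sender already saw a successful
# delivery. Router name is hypothetical.
malware_blackhole:
  driver    = redirect
  condition = ${if def:h_X-Local-Malware: {yes}{no}}
  data      = :blackhole:
```

With variant B the router trusts the header alone, so a message arriving with that header already set would also be discarded; variant B also means a legitimate sender whose mail is misdetected gets no indication that it was dropped.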