Re: [Exim] FIY: Turn off virus alerts to sender (slightly OT…

Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] FIY: Turn off virus alerts to sender (slightly OT)
Hi Calum, on Wed, 11 Feb 2004 18:42:10 +0000 you wrote:

> I note that the current exiscan docs have as an example:
> deny message = This message contains malware ($malware_name)
>       demime = *
>       malware = *
> which will of course cause a virus warning bounce back to the forged
> sender.


Actually, no, it doesn't. It won't generate anything except a 5xx SMTP
return code. This has been covered many times in the archives, so I won't
go over it in detail but basically in many/most cases the sender will be a
virus's own SMTP engine, which won't of course generate a bounce, hence
the virus will disappear into the ether. If the remote end is a "real"
mail server then yes, *it* will normally generate a bounce, but there's
nothing I can do about that short of making my mail system unreliable.

> Since many of us use exiscan, and are likely to follow its
> documentation, perhaps someone should ask Duncan


Tom :)

> Are you suggesting that the ACL action should be an accept/freeze,
> rather than a deny?


No. Although that is of course an option.

> Would there be an easy way to drop the message on the floor, as opposed
> to freezing it, after accepting it,


You could accept it, perhaps setting a warning header on the way, and then
devnull it?

Tim
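
The two approaches discussed in this message, written out as an Exim 4 + exiscan configuration sketch. This is an added example, not part of the original post or the exiscan documentation; the ACL name `acl_check_data`, the header name `X-Malware-Found` and the router name `malware_devnull` are assumptions chosen for illustration.

```exim
# Main section: point the DATA-time ACL at the block defined below.
acl_smtp_data = acl_check_data

# Options A and B are alternatives; define acl_check_data only once.

# --- Option A: reject during DATA (the exiscan docs example quoted above).
# The connecting client gets a 5xx reply and this host sends no bounce.
# Only a real relaying MTA on the other end would then bounce to its sender.
acl_check_data:
  deny  message = This message contains malware ($malware_name)
        demime  = *
        malware = *
  accept

# --- Option B: accept the message, tag it, then discard it when routing.
acl_check_data:
  # With exiscan-era Exim 4, "message" on a warn verb adds a header line.
  warn  message = X-Malware-Found: $malware_name
        demime  = *
        malware = *
  accept

# Routers section: place this ahead of the routers that deliver mail.
malware_devnull:
  driver    = redirect
  # True only when the header added by the warn statement is present.
  condition = ${if def:h_X-Malware-Found: {yes}{no}}
  data      = :blackhole:
```

Option B drops mail silently, so a scanner false positive is lost without any notice to sender or recipient.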