Re: [Exim] What do you do when you recieve a virus?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Kevin Reed
Date:  
À: exim-users
Sujet: Re: [Exim] What do you do when you recieve a virus?
Asbjorn Hoiland Aarrestad said:
> Steve Thomas wrote:
>
>> On Thu, Feb 19, 2004, Asbjorn Hoiland Aarrestad said:
>>
>>>1. Reject the mail!
>>>2. Save the mail to /dev/null
>> 3. Deliver as normal
>> I reject using exiscan. Most viruses use their own SMTP engines, so
>> rejecting those viruses isn't likely to generate a bounce to anyone.
>
> I've gotten (myself and others) plenty of messages claiming that I've
> send somebody a virus, and that my computer is infected, and i know
> nothing about the domain sending me this message. This is why I posted
> this question.....


Welcome to planet Earth... :-)    This is  O L D  news.


Mydoom like many others before it messages using forged From headers.
Stupid Anti-Virus programs that want to send a message claiming to save
the day incorrectly assume the From user is the one that actually sent the
message.

This is not new...

In my opinion, any email that a server (or infected computer) wants to
hand to my server that I deem as invalid, harmful or plain unwanted, is
the responsiblity of the sending computer to figure out what to do with it
if I DENY it at SMTP time.

If I accept the message, then it is my responsiblity.

So, if I don't want it and can DENY at SMTP time, I do so. If I have
already accepted the message, I DISCARD it into a black hole.

If they in turn generate a bounce based on that, that is their problem.

Most infected computers will not do anything with it, just churn out the
next victim...

Anyone that provides relay services for someone else needs to decide what
they want to do since they are responsible for any email they accept. If
they start sending me bounces that clearly didn't come from my server, I
will block them.

--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums