Re: [exim] Filtering Garbage Warnings and other Junk bounce …

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [exim] Filtering Garbage Warnings and other Junk bounce type or postmaster messages
On Thu, 31 Mar 2005, Brian Candler wrote:

> Where you *could* write a filter is for bounces of the form "you are
> infected with a virus". These are entirely useless, because viruses
> always forge the return address


Indeed. But we don't normally let them get as far as filtering.

TimJ's bogus-virus-warnings.cf from http://www.timj.co.uk/linux/sa.php
does a pretty neat job[1] of spam-rejecting them (and then at least
there's /some/ chance, even if microscopic, of the offending mail
admin spotting some kind of a clue, rather than us apparently
accepting the garbage and then quietly dumping it at the filter
stage).

Actually, some of this garbage is rather less obvious than a direct
accusation of having sent a virus. Most of the bogus notifications
which slip past our defences nowadays turn out to be rejections which
purport to be reporting "unknown recipient", but at the end of the
report there's a footnote saying "you attached a disallowed
content-type to your mail, and we quarantined it". They come in so
many creatively-worded varieties that they're hard to auto-categorise
reliably. Bleagh.

[1] OK, so we have a few local additional rules to help.