North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: To send or not to send 'virus in email' notifications?

  • From: Stewart, William C (Bill), RTSLS
  • Date: Wed Aug 20 19:44:22 2003

Hash: SHA1

The right answer for the original question is probably
"Buy an email server package with virus scanning hooks" or
"Get a virus scanner with sendmail milter hooks"
rather than specific details of how to set it...

The suggestion to do virus filtering during the 
message transfer stage rather than the delivery stage is good.
It looks like sendmail milters can be tweaked to do this,
though unless they can recognize the virus from the mail headers,
they have to wait until the end-of-message hook to do it,
i.e. after the whole virus has been transferred
but before the message acceptance codes get transferred.
It's too bad that it's difficult to send a reject code 
and continue a teergrube at the same time.

For virus scanners that run at other stages in the delivery process,
the right decision about whether to do a notification or not
is virus-dependent, if your anti-virus package supports it.
Sobig almost always forges sender addresses, so it shouldn't get a
but some other viruses don't forge the sender, and should get the
Limiting the responses to once a week per sender or whatever may
but only if the same sender gets forged a lot.

Yet another reason to cryptographically sign your outgoing mail,
not that I usually do so or that most people or mail clients check.

		Thanks; Bill Stewart

Version: PGPfreeware 7.0.3 for non-commercial use <>
Comment: PGP Freeware 703