Dave Ewart wrote the following on 07/27/2004 02:47 PM :
Don't notify the sender.
You'll just be generating unnecessary mail. In the case of most
virus-generated emails, which are the ones you are going to be
detecting, the sender address will be faked. Therefore, any
notification would go to the wrong person in any case.
You might want to be more accurate than that : worms using mail for propagation usually fake the From header, but when clamav detects a virus using other means of propagation (meaning the From couldn't be faked by the virus), notifying the sender is useful.
Amavisd-new is configured to do this by using : $viruses_that_fake_sender_re = new_RE( ... qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc [qr'^(EICAR|Joke\.|Junk\.)'i => 0], [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0], );
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
