On Fri, 30 Jul 2004, Tim Schutt wrote:

On Jul 30, 2004, at 4:09 PM, Bill Moran wrote:

If you're going to send notification, there is only one _proper_ way to do it: analyze the Received: headers and find out where the virus _really_ originated, then contact the abuse@ address for that domain with the message.

I completely understand where you are coming from, and I am only intending on notifying the intended recipient of the email, not the "sender" for the very reason that you note. If it was just me, I would can the message and be done with it. However, I am in the midst of marketing this service to some highly security-conscious people so I would like the reinforcement of the notifications for their peace of mind and a little customer-stroking reminding them how great the service is. :-)

[Format recovered--please don't top-post. It makes responding to your messages difficult and time-consuming, to the point that many people won't bother.]


"Virus detected" messages are generally abusive. Here are some problems I've experienced on the receiving end of antivirus notification messages:

* Sent to the forged From address.  We'll skip the issue of a virus
  checker that trusts any content in a virus-generated message;
  what about long CC: and BCC: lists?

* Sent to the intended victim--"Hey, you almost got away without being
  harassed, but we wanted to brag about our antivirus system."

* Some include "this message guaranteed virus-free" text.  It's like the
  sender is saying "please sue me".

* Sent outside the detecting system's domains, spreading the damage.
  If you must send notifications, send them only to those systems you
  control, and where you are responsible to your users.

* Antivirus software forges "[EMAIL PROTECTED]'sdomain" into the From:
  line.  Senders of these messages get a 550 reject for all further
  mail.

* Some notifications include the virus.  Yes, there are actual
  "antivirus" programs out there that are dumb enough to do this.

Bearing that in mind, here's a suggestion for clamav flags:

clamav_milter_flags="--quiet --local --outgoing --max-children=50 --dont-log-clean --noxheader"

-Warren Block * Rapid City, South Dakota USA
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
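
The Received: analysis Bill Moran describes at the top of the thread, as an added example (not code from the thread or from ClamAV). It assumes Postfix-style Received: lines; the TRUSTED map, hostnames and addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: hostnames and addresses of the MTAs we run ourselves.
TRUSTED = {"mail.example.org": "192.0.2.11", "mx1.example.org": "192.0.2.10"}

# Constructed sample (documentation address ranges). The From: line and the
# bottom Received: line were written by the infected host and are forged.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [192.0.2.10])\n"
    "\tby mail.example.org (Postfix) with ESMTP id AAA111;\n"
    "\tFri, 30 Jul 2004 16:20:01 -0600\n"
    "Received: from dialup-77.example.net (unknown [198.51.100.77])\n"
    "\tby mx1.example.org (Postfix) with SMTP id BBB222;\n"
    "\tFri, 30 Jul 2004 16:19:58 -0600\n"
    "Received: from mail.innocent.example (mail.innocent.example [203.0.113.5])\n"
    "\tby dialup-77.example.net with SMTP; Fri, 30 Jul 2004 16:19:00 -0600\n"
    "From: victim@innocent.example\n"
    "To: user@example.org\n"
    "Subject: Your document\n\nbody\n"
)

# Postfix-style hop: from HELO (rdns-or-unknown [IP]) by STAMPING-HOST
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+([^\s;]+)"
)

def true_origin(raw, trusted=TRUSTED):
    """Return (helo, ip, stamped_by) for the peer that handed the message to
    our infrastructure, or None if no header was written by a trusted MTA."""
    origin = None
    for hdr in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP.search(hdr)
        if not m or m.group(3).lower() not in trusted:
            break  # not stamped by us: sender-controlled text, stop reading
        helo, ip, by = m.groups()
        origin = (helo, ip, by.lower())
        if ip not in trusted.values():
            break  # first external peer recorded by one of our own MTAs
    return origin

if __name__ == "__main__":
    print(true_origin(SAMPLE))
```

The address recorded by the trusted MTA, not the From: line or any lower Received: line, is the one whose owner's abuse@ contact applies.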