On Mon, Dec 13, 1999 at 04:14:29PM -0600,
Dustin Miller <[EMAIL PROTECTED]> wrote:
> Of course, server-based virus scanning isn't for people like you and I,
> people who scan their e-mails regularly either on their own mail server or
> on the client side, or people who automatically distrust attachments.
(On this list most people are probably safe from viruses.)
>
> But you and I and other members of this list are the exception to the rule,
> not the norm. As for using just the envelope addresses, I disagree
> slightly. If mail leaving my server is bound for a number of recipients,
> all of whom are listed on ONE "TO" or "CC" header, I'm going to alert all of
> them that they may have received a virus. I will not, however, send a
> message from my server to a LIST, should one of my users send a virus to the
> LIST.
How do you know which addresses are lists?
> The more I think about it, though, the more I ask myself...
>
> Does the receipient REALLY need to know that someone tried to send them an
> infected file? If the sender gets a bounce message from MAILER-DAEMON that
> says, "I wasn't able to deliver your message; It was infected with the [blah
> blah] virus", wouldn't that be enough? What's the reasoning for informing
> the intended recipient that he was going to receive a virus, but didn't?
If you bounce the message you need to let the envelope sender know. If you
delay the message by embargoing it, then you might want to let the envelope
sender know.
The recipient should have a way to retrieve a message sent to them, even if
your scanner says their may be a virus in it. The result could be a false
positive. Virus scanners just do pattern matching looking for a portion of
a virus. They will occasionally flag messages that don't contain viruses.
The recipient might actually want to get the message in spite of the virus.
There may be nonvirus information that they want to see, or they may have
wanted a copy of the virus.
