That is a good point and I have changed the '6' to a '4'. It would be nice though to notify whoever is sending these viruses so they can get their system cleaned up, but I do see the logistical problems with that. I am somewhat concerned about sending email to the 'bit bucket' with no sort of review, but without being able to identify the sender accurately, I guess this is best.
... Jason Badry At 06:12 PM 3/10/2004 -0500, Tracy wrote: >May I *strongly* recommend that you do not send bounce notices for virus >emails? A large percentage of the virus emails these days are from forged >senders, so by producing and sending a bounce notice, you are - in effect - >notifying an innocent party that they "have a virus", when they don't. >If you feel you *must* notify someone, you should write some custom code to >take the connection IP address (which delivered the mail to you) and work >out the appropriate abuse mailbox for that domain. That would at least get >it to the ISP of the machine which delivered the email to you. > >A lot of the spam activists out there are also blocking based on bounces to >forged senders, so if you proceed you may find your mail delivery blocked >at various locations. > >Just a thought... > >At 17:59 3/10/2004, Jason Badry wrote: > > >I was just going to send a followup email, as this was indeed my problem (I > >changed the "RetCode" in filter.tab to a "6"). I've added quite a bit more > >logging and a configurable logging path to XAV so now it logs into my > >\Mailroot\Logs directory with the same filename as the other logs. > > > >I currently have the return code set to 6, but then this was notifying the > >postmaster of the errors, so I have for now turned postmaster error > >notification in the system.tab. Is there a return code that would notify > >the sender, but not notify the postmaster? I'd like to leave postmaster > >error notification on, but I don't want to know about every virus file. > > > >Thanks, > > > >... Jason Badry > > > >At 10:56 PM 3/10/2004 +0100, you wrote: > > >Are you using the correct returncode in the filter.tab? > > > > > >-----Oorspronkelijk bericht----- > > >Van: Shiloh Jennings [mailto:[EMAIL PROTECTED] > > >Verzonden: woensdag 10 maart 2004 22:33 > > >Aan: [EMAIL PROTECTED] > > >Onderwerp: [xmail] Re: AV Filtering Paths > > > > > > > > >I am having the same problem. I am using XAV, ripmime, and f-prot for > > >dos. According to the XAV.log file it appears to be catching the virus > > >attachments, but the virus messages are still passing through to the > > >mailboxes. I am not really sure how to debug this problem. Anybody > > >have any ideas? > > > > > > > > >----- Original Message -----=20 > > >From: "Jason Badry" <[EMAIL PROTECTED]> > > >To: <[EMAIL PROTECTED]> > > >Sent: Wednesday, March 10, 2004 2:19 PM > > >Subject: [xmail] Re: AV Filtering Paths > > > > > > > > > > Thanks for ripMIME. It got me one more step forward. I now have > XAV=20 > > > > detecting the virus (reporting so in the log file), but XMail is still > > > > > > > letting the file continue on its way. I'm wondering if my XAV > script=20 > > > > is the newest available. The one I have was last updated on 16Oct2003 > > > > > > > by D. Olivier. I've added several debug statements to capture > system=20 > > > > calls and errorlevel return codes, but nothing besides that so far. > > > > > > > > What AV scanners are people typically using? Is the ClamAV one fairly > > > > > > > robust / workable for Win32 (XMail 1.17 / Windows 2000). > > > > > > > > Thanks, > > > > > > > > ... Jason Badry > > > > > > > > At 08:37 PM 3/10/2004 +0200, you wrote: > > > > >Arrrr, I forgot to mention that there's a new version of ripMIME > but=20 > > > > >the Windows port seems to be causing some trouble so I recommend=20 > > > > >sticking to 1.3.0.5 for now (If anyone *really* wants > 1.3.1.0/Win32,=20 > > > > >e-mail me off the list). > > > > > > > > > >Liron Newman wrote: > > > > > > > > > > >Try using ripMIME from pldaniels.com. The main stable source tree=20 > > > > > >doesn't compile on Windows but I made a modified version that does. > > >I've > > > > > >worked with it for about a month and it stopped thousands of > virus=20 > > > > > >messages.. So you can say it's working well. :) > > > > > > > > > > > >Grab my build from > > > > > > > > ><http://eesh.net/ripmime-1.3.0.5.Modified_for_Win32_[plastish_at_ulti > ne>t_ > > > > > dot_org].zip>, > > > > > >the EXE is under RipMime\Release in the ZIP. > > > > > > > > > > > > > > > > > > > > > > > > > > > > >- > > > > >To unsubscribe from this list: send the line "unsubscribe xmail" in=20 > > > > >the body of a message to [EMAIL PROTECTED] For general help:=20 > > > > >send the line "help" in the body of a message to=20 > > > > >[EMAIL PROTECTED] > > > > > > > > - > > > > To unsubscribe from this list: send the line "unsubscribe xmail" in=20 > > > > the body of a message to [EMAIL PROTECTED] For general help:=20 > > > > send the line "help" in the body of a message to=20 > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > >- > > >To unsubscribe from this list: send the line "unsubscribe xmail" in the > > >body of a message to [EMAIL PROTECTED] For general help: send the > > >line "help" in the body of a message to [EMAIL PROTECTED] > > > > > > > > > > > >- > > >To unsubscribe from this list: send the line "unsubscribe xmail" in > > >the body of a message to [EMAIL PROTECTED] > > >For general help: send the line "help" in the body of a message to > > >[EMAIL PROTECTED] > > > >- > >To unsubscribe from this list: send the line "unsubscribe xmail" in > >the body of a message to [EMAIL PROTECTED] > >For general help: send the line "help" in the body of a message to > >[EMAIL PROTECTED] > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]