2003-09-26T13:49:08 Louis Erickson: > If there is malware in the message, why are you delivering it to the end > user? If there's nothing but malware, or if it's recognized as a worm, then silently dropping it is in order. But in the general case, you must assume that people would rather e.g. receive a cover note and an injected sections saying that the application/ms-word was dropped because it had a macro virus, rather than silent dropping. As for rejecting, no thanks, I'm already getting too many pieces of crud in my inbox because of badly-configured scanners that think they can trust sender info in incoming traffic. Rejecting (at SMTP dialogue time) isn't as bad as bouncing (which depends on the trivialy forgable envelope sender), but in these days of spammers exploiting open relays, it's still not appropriate. Malware should be absorbed, then dropped only if you're sure there's no real content, otherwise sanitized and forwarded. > In another life I run an ISP. I run virus scanners on all > incoming and outgoing messages. Viruses are rejected at SMTP > time, and the messages are not delivered. Occasionally my ISP has to do that to cope with sudden traffic spikes, and whenever they do, I get threats from MLMs to unsubscribe me for the offense of being undeliverable. -Bennett
Attachment:
pgp00018.pgp
Description: PGP signature