procmail

Re: Badtrans signature for local-rules

2001-11-28 08:28:10
 
   Does it make sense, with any of these viral traps, to send a note to the
sender telling them they are infected?  I mean, if it might help, I'd be more
than happy to spend a little bandwidth to send a note back, but _does_ it
really do any good? Does the poor schlub really go for days not knowing s/he
has the thing (I've never had one, since I don't allow the Win boxes here to
connect to the Net)? And what happens in the event of a false positive
(although it wasn't a viri filter, I once had a filter misfire every time
there was a pipe in the subject, so even with the best-laid plans...)?

 My take on this (but I'm biased - www.amavis.org :-):

 - yes, it does apparently happen that someone's PC keeps sending the stuff
   for days and days without the user noticing; I've had one particular case
   where the same virus-infected message (same message-id) came in for about
   ten days. The envelope sender was empty, and the message was relayed through
   a hosting service, so I couldn't tell by the headers who the original sender
   was. I sent email to and even rang the ISP numerous times, but it took
   almost two weeks before this was stopped.

 - virus scanning _should_ be done in the MTA, and not at local delivery time
   by procmail. This is much more efficient. Alternatively, one can use the
   MTA's access rules (if such features exist) to block certain content, then
   the sender will receive the usual SMTP error message.

 - our amavis software has configurable notification options. My config here
   is to notify sender, intended recipients, and local postmaster. So yes,
   I think notifications are useful :)

 - one false positive is more acceptable than one trojan or worm getting
   through and roaming your organisation. Anti-spam alone creates a lot
   more false positives in general than anti-virus.

 YMMV.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail