antivirus in smtp, good or bad?
Matthew Sullivan
matthew at sorbs.net
Wed Feb 4 05:59:40 UTC 2004
Stephen J. Wilcox wrote:
>Hi,
> When investigating our mail queue it seems we have quite a lot of mails which
>are stuck in transit...
>
>What's happening is we're accepting the mail as the primary MX for the domain but
>the user has set up a forwarding to another account at another ISP, they have
>antivirus service on that other account. So we get the mail, spool it and try to
>forward it but then we get a "550 Error: Suspected W32/MyDoom@MM virus" after
>DATA and our server freezes the mail.
>
>Surely this is an incorrect way to do this as there will be lots of similar MXs
>like ours backing this mail up? They should accept the mail and then bounce it?
>
>
That's what I just wrote a patch into Postfix to do....
(http://www.isux.com/projects/ if anyone is interested, uses libclamav)
This is the only way I can see the virus-laden mails should be dealt
with - you certainly cannot return it to the sender, that is _most_
annoying, causes no end of users to call the support desk about being
virus-laden when they haven't actually been infected etc...
/ Mat