Thomas Zehetbauer wrote: > > 1.1.) Configuration > Unless the virus scanner provides special handling for worms and virii > which knowingly use a faked sender address I think that virus scanners SHOULD provide some sort of information on the reliability of headers and SMTP envelope of the virus e-mail and act accordingly. I use amavisd-new which has support for listing viruses/worms that fake the sender's email address. Unfortunatelly the list is external to the actual virus scanner and has to be updated manually. This is a major problem, since the administrators are often (an with good reason) not responsive enought with the rapid floods like the one we saw recently. > it should not send out notification messages unless the administrator has > been warned that these notification messages may not reach the intended > recipient and has still enabled this feature. I would say that a virus scanner SHOULD NOT send notifications unless it has informations on the reliability of the sender's e-mail address. > 1.2.) Format > These messages cannot be easily filtered because they come in many > different formats and do often not contain any useful information at > all. They could be formatted with a message/delivery-status part but the problem wouldn't exist at all if all the notifications are sent to the real infected recipient. Bye. -- Daniele Orlandi
