> It looks like some postmasters are in the virus distribution business pretty > much like the MyDoom virus itself. Perhaps these postmasters need to review > their bounce message policies and remove all attached files from messages > being bounced. the mails probably bounced (were rejected by the target SMTP server) because of an invalid recipient address. It is an ordinary and IMHO still good practise to include the entire original mail in the bounce message. Those mail servers did not bother about the content of the mail, so they just sent it back (to the alledged return address), whether or not it contained any malicious attachment. I think this is exactly what they are supposed to do, and it is IMHO the best way they can react to the upstream SMTP rejecting an email. I think intermediate systems should not tamper with the mail, including scanning for virii. The worst are such systems that only remove the virus (which in many cases could easily be scanned for by the reciving system at the end), leving the rest of the mail as hard-to-filter annoying junkmail. Now the real issue is you, as the recipient, being in danger of executing any arbitrary code (with powerful abilities to your system) found in an email attachment by just an accidental mouse click (regardless how exactly that mail reached you). Such MUAs are just an invitation for abuse. It is here where any security measures should start. If it does not, such users will always remain in jeopardy. -- Georg Schwarz http://home.pages.de/~schwarz/ geos@epost.de +49 177 8811442
