[Avcheck] infected is sick?

Len Conrad LConrad@Go2France.com
Wed, 28 Nov 2001 10:03:35 -0600


>It should be done easily enough if you can change the script (sending
>back only headers as in recipient notification).  But are you sure you
>need this?

sure

>   For many viruses today it's a virus who sent a message, not
>a human.

yes, but when a worm sends out the email in the name of the unknowing 
sender, and then avcheck sends the complete virus back to the sender, the 
sender is getting infected again.  This is not the right policy.

>   So sender typically has no knowledge that his machine sent out
>viruses.  When he can view the whole message he can do or know more than
>for headers (at least if he has a clue what viruses are).  Moreover,
>most infected messages will be sent using standard way (as a MUA configured),
>typically via the gateway that will handle virus properly, and not direct
>to the destination machine.  If a virus on my machine will send a mail to
>you, it will send it to our gateway, not directly to your machine.

but you know many mail servers through which these viruses propagate do 
not have AV or a blocking gateway.

>I.e.
>the test you did setting up Eudora to send directly will not be a case
>in a real-life situation.

of course, I'm on a SDSL "DUL" and "spamming" a remote mail server, rather 
than using my own SMTP server.

But there are millions of users who send through their mailservers where 
there is no AV protection in the server.

I can't imagine any situation where it would be acceptable for an AV 
scanner to send back the entire virus to re-infect the ignorant sender.

I'll look at the script to see how it sends only headers to the recipient 
and try to make infected do the same for the sender.

Len
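
Added example, not part of the original message and not avcheck's own script: a Python sketch of the headers-only sender notification discussed above. The function name, the addresses, the virus name and the sample message are all constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesHeaderParser

# Constructed sample: a multipart message carrying an executable attachment.
SAMPLE = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: Hi\r\n"
    b"Message-ID: <1234@example.org>\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"see attachment\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"TVqQAAMAAAAEAAAA\r\n"
    b"--b1--\r\n"
)

def build_sender_notice(raw, envelope_sender, virus_name,
                        postmaster="postmaster@example.net"):
    """Build a notification that quotes only the top-level headers of `raw`.

    The body and every MIME part (including the infected attachment) are
    never copied, so the notice cannot re-deliver the virus to the sender.
    """
    # Header-only parse: everything after the first blank line is ignored here.
    orig = BytesHeaderParser(policy=policy.default).parsebytes(raw)
    quoted = "\n".join(f"{name}: {value}" for name, value in orig.items())

    notice = EmailMessage()
    notice["From"] = postmaster
    notice["To"] = envelope_sender
    notice["Subject"] = f"Virus {virus_name} found in a message from your address"
    notice["Auto-Submitted"] = "auto-generated"  # RFC 3834: mark as automatic
    notice.set_content(
        "A message sent from your address was rejected because it contained\n"
        f"{virus_name}. Only its headers are shown below.\n\n" + quoted + "\n"
    )
    return notice

if __name__ == "__main__":
    print(build_sender_notice(SAMPLE, "alice@example.org", "Example.Worm"))
```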