[Avcheck] infected is sick?
Michael Tokarev
mjt@tls.msk.ru
Wed, 28 Nov 2001 19:10:56 +0300
Len Conrad wrote:
>
[]
> > For many viruses today it's a virus who sent a message, not
> >a human.
>
> yes, but when a worm sends out the email in the name of the unknowing
> sender, and then avcheck sends the complete virus back to the sender, the
> sender is getting infected again. This is not the right policy.
???! Ooch. Sender receives the message:
From: antivirus daemon
Subject: sender virus alert ...
The mailsystem received a message from you that was
infected. Original message provided below.
...
+-------------------------------+
| Attachtment: infected message |
+-------------------------------+
I don't think people SO stupid to open the attachtment given
this context.
> > So sender typically have no knowlege that his machine sent out
> >viruses. When he can view the whole message he can do or know more than
> >for headers (at least if he has a clue what viruses are). Moreover,
> >most infected messages will be sent using standard way (as a MUA configured),
> >typically via the gateway that will handle virus properly, and not direct
> >to the destination machine. If a virus on my machine will send a mail to
> >you, it will send it to our gateway, not directly to your machine.
>
> but you now many mail servers through which these viruses propagate from do
> not have AV or a blocking gateway.
So the notification will be delivered just fine and will not be blocked --
exactly what I said.
Well. I can esaily made sending the whole message or headers only back
configurable. But this will require modifications for message translations.
Regards,
Michael.