[Avcheck] infected is sick?

Wed, 28 Nov 2001 19:10:56 +0300

Len Conrad wrote:
> 
[]
> >   For many viruses today it's a virus who sent a message, not
> >a human.
> 
> yes, but when a worm sends out the email in the name of the unknowing
> sender, and then avcheck sends the complete virus back to the sender, the
> sender is getting infected again.  This is not the right policy.

???!  Ooch.  Sender receives the message:

 From: antivirus daemon
 Subject: sender virus alert ...

 The mailsystem received a message from you that was
 infected.  Original message provided below.
 ...

 +-------------------------------+
 | Attachtment: infected message |
 +-------------------------------+

I don't think people SO stupid to open the attachtment given
this context.

> >   So sender typically have no knowlege that his machine sent out
> >viruses.  When he can view the whole message he can do or know more than
> >for headers (at least if he has a clue what viruses are).  Moreover,
> >most infected messages will be sent using standard way (as a MUA configured),
> >typically via the gateway that will handle virus properly, and not direct
> >to the destination machine.  If a virus on my machine will send a mail to
> >you, it will send it to our gateway, not directly to your machine.
> 
> but you now many mail servers through which these viruses propagate from do
> not have AV or a blocking gateway.

So the notification will be delivered just fine and will not be blocked --
exactly what I said.

Well.  I can esaily made sending the whole message or headers only back
configurable.  But this will require modifications for message translations.

Regards,
 Michael.