viruses, part 2

, you're missing an important part of the story (and are messing up the rest). There are two types of viruses that get sent by mail: worms, and "normal" viruses in some attachments. For the latter kind, what those anti-virus thingies do actually is the right thing to do; after all, the mail is legitimate (it just happens to have a legitimate attachment with an illegitimate infection), so the recipient and/or the sender might be surprised to find out that the mail isn't arriving. In this case (because the mail was willingly sent out and isn't forged in any way), we want a notice. Those types of viruses are getting rarer, though.

The other type (mass-mailing worms) is getting more and more popular. The right thing for a mailserver intercepting such a mail to do is never to notify anyone of this fact, except perhaps its own admin: since the mail headers are more than likely forged, there's no way an automated system can reach the right person anyway. The right way to fight those mails is to do what my ISP does: if an infected mail passes through their "outgoing mailserver", as ISPs like to call it, it will block any SMTP traffic coming from that IP for the next half hour, giving a clear 550 message which says your computer is infected. That reaches the right person in all cases (remember that Windows does not usually feature an MTA), and does not bother those who do not and should not care. I like this way of handling the issue, even if it occasionally bites me too (yes, there are some non-free operating systems in my LAN... some people just don't want to listen to arguments ;-) )

Bouncing it somewhere half in transit is, of course, not the right thing to do either; that will result in a bounce reaching the wrong person. If a mail containing a mass-mail worm arrives at a mailserver from anywhere other than the originating IP, it should be discarded.
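
The three cases above (notice for an infected attachment, 550 plus a half-hour block at the originating hop, silent discard mid-transit) can be written as one decision function. This is an added sketch, not my ISP's code; the verdict labels, the `from_originating_ip` flag, the class name and the 550 wording are assumptions made for the illustration.

```python
import time

BLOCK_SECONDS = 30 * 60  # "the next half hour"
# Constructed reply text; the post only says it is a clear 550 message.
REPLY_550 = "550 Your computer is infected; SMTP refused for 30 minutes"

class InfectedMailPolicy:
    """Decides what a mailserver does with a message its scanner has labelled."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.blocked_until = {}  # client IP -> unix time at which the block ends

    def is_blocked(self, client_ip):
        expiry = self.blocked_until.get(client_ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self.blocked_until[client_ip]  # half hour is over
            return False
        return True

    def handle(self, client_ip, verdict, from_originating_ip):
        """verdict: 'clean', 'infected_attachment' or 'mass_mailer' (assumed labels).
        from_originating_ip: True when the SMTP client is the machine that
        produced the mail, e.g. a customer talking to the outgoing mailserver.
        Returns (action, smtp_reply or None)."""
        if self.is_blocked(client_ip):
            return ("reject", REPLY_550)
        if verdict == "clean":
            return ("accept", None)
        if verdict == "infected_attachment":
            # Willingly sent, not forged: a notice reaches real people.
            return ("notify_sender_and_recipient", None)
        if from_originating_ip:
            # Refuse in-session so the error lands on the infected machine
            # itself, then refuse everything from that IP for half an hour.
            self.blocked_until[client_ip] = self.clock() + BLOCK_SECONDS
            return ("reject", REPLY_550)
        # Worm seen mid-transit: headers are likely forged, so no bounce and
        # no notice to anyone but the local admin.
        return ("discard_and_log_for_admin", None)
```
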