When I’m writing a program or web script, I usually test it on my own system before deploying it to its final destination (a web server, application server, etc.). Tonight, I made the unpleasant and rather disturbing discovery that Norton AntiVirus 2005, if it’s set to scan outgoing mail, may scan memory before a program tries to send a message. I was building a mail message in a PHP script and got all sorts of “the server has rejected your message” warnings, before I added the mail() function. In other words, Norton A/V was somehow picking up on the e-mail message headers I was assembling, before I actually attempted to send a message.
Even more disturbing, it was wrong – the error messages stopped appearing when I disabled the outbound scanning, and the e-mail messages went through, just fine, when I finally added the mail() function. Even though things are working, if I turn outbound scanning back on, I get the same message that my server is rejecting the e-mail messages (and do, in fact, get error e-mails from the server in question), even though the rejection is apparently entirely due to Norton’s meddling. That’s weird and disturbing.