
Re: virus scanning



On Sat, 2004-02-14 at 14:18, Russell Coker wrote:
> Could virus scanning be installed on master?

Yes, definitely. I'll even offer to do/help with it.
On my server master.debian.org is the top-virus-sending host (~50 per
day last time I checked); installing an AV on master would save
everybody's bandwidth.

> I'm getting virus bounces when master tries to send mail on to developers who 
> have their machines configured to reject such messages, I've just got two 
> from messages to Vincent.
> 
> Vincent, would it be possible for you to configure your server to 
> unconditionally accept mail from master and then send viruses to /dev/null?
>
> In a general sense rejecting a virus with a code 550 is good, but in the case 
> of mail forwarders it just results in a bounce going to an innocent third 
> party.  While master lacks virus scanning the best thing to do is to accept 
> the message and send it to /dev/null so that no bounces are generated.

You'd be right if antiviruses never raised false positives. It's very
rare, but it occasionally happens for new signatures. Also it provides a
way for people who are infected to know about it without having to send
a notification email (as most email headers from viruses are fake
anyway).

> However sending 550 codes is ideal for mail that goes direct.

It's my opinion too, which is why I set this up a few weeks ago (Exim based setup details
available on request).

> Mail delivery failed: returning message to sender
> Date: Today 00:02:34
> From: Mail Delivery System <Mailer-Daemon@gluck.debian.org>
> To: russell@coker.com.au
> 
> This message was created automatically by mail delivery software (Exim).
> 
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
> 
>   vincent@renardias.com
>     SMTP error from remote mailer after end of data:
>     host mail.renardias.com [213.41.121.145]: 550 This message contains a 
> virus or other harmful content (Worm.SCO.A)

Here, the culprit is gluck: it accepted to forward an email containing a
virus without proper checking; it should either run an antivirus or run
a proper mailing-list software: bounces should be handled by the
mailing-list software; NOT to the email sender.

I'll try to see if I can disable this feature for emails coming from
master anyway, but still I think the best solution would be for the
Debian project's computers to stop forwarding viruses.

Regards,

-- 
Vincent RENARDIAS
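
The bounce path debated in this thread, as an added example that is not part of the original message or of any Debian or Exim configuration. It models who ends up receiving a bounce when the final server rejects with 550 versus discards mail relayed by a forwarder; the policy labels, function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed model: host names come from the thread, policy labels are illustrative.
FORWARDERS = {"master.debian.org", "gluck.debian.org"}

@dataclass
class Message:
    envelope_from: str   # usually forged by mail worms
    infected: bool

def final_hop(client_host: str, msg: Message, policy: str) -> str:
    """What the developer's scanning server answers at end of DATA."""
    if not msg.infected:
        return "accept"
    if policy == "discard_from_forwarders" and client_host in FORWARDERS:
        # 250 to the relay, message dropped; a false positive is lost silently.
        return "discard"
    return "reject_550"

def deliver(msg: Message, client_host: str, policy: str, forwarder_scans: bool = False):
    """Return (outcome, address that receives a bounce, or None)."""
    if client_host in FORWARDERS:
        if forwarder_scans and msg.infected:
            # Refused while the original client is still connected: no bounce is created.
            return ("rejected_at_forwarder", None)
        answer = final_hop(client_host, msg, policy)
        if answer == "reject_550":
            # The forwarder already accepted the message, so it has to
            # generate a bounce addressed to the (forged) envelope sender.
            return ("bounced_by_forwarder", msg.envelope_from)
    else:
        answer = final_hop(client_host, msg, policy)
        if answer == "reject_550":
            # Direct delivery: the 550 is seen only by the connecting host.
            return ("rejected_in_session", None)
    return ("delivered" if answer == "accept" else "discarded", None)
```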


