[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virus scanning

On Sat, 2004-02-14 at 14:18, Russell Coker wrote:
> Could virus scanning be installed on master?

Yes, definatly. I'll even offer to do/help it.
On my server master.debian.org is the top-virus-sending host (~50 per
day last time I checked); installing an AV on master would save
everybody's bandwidth.

> I'm getting virus bounces when master tries to send mail on to developers who 
> have their machines configured to reject such messages, I've just got two 
> from messages to Vincent.
> Vincent, would it be possible for you to configure your server to 
> unconditionally accept mail from master and then send viruses to /dev/null?
> In a general sense rejecting a virus with a code 550 is good, but in the case 
> of mail forwarders it just results in a bounce going to an innocent third 
> party.  While master lacks virus scanning the best thing to do is to accept 
> the message and send it to /dev/null so that no bounces are generated.

You'd be right if antiviruses never raised false positives. It's very
rare, but it occasionnaly happens for new signatures. Also it provides a
way for people who are infected to know about it without having to send
a notification email (as most email headers from viruses are fake

> However sending 550 codes is ideal for mail that goes direct.

It's my opinion too, which is why I set this up a few weeks ago (Exim based setup details
available on request).

> Mail delivery failed: returning message to sender
> Date: Today 00:02:34
> From: Mail Delivery System <Mailer-Daemon@gluck.debian.org>
> To: russell@coker.com.au
> This message was created automatically by mail delivery software (Exim).
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>   vincent@renardias.com
>     SMTP error from remote mailer after end of data:
>     host mail.renardias.com []: 550 This message contains a 
> virus or other harmful content (Worm.SCO.A)

Here, the culprit is gluck: it accepted to forward an email containing a
virus without proper checking; it should either run an anvivirus or run
a proper mailing-list software: bounces should be handled by the
mailing-list software; NOT to the email sender.

I'll try to see if I can disable this feature for emails coming from
master anyway, but still I thing the best solution would be for the
Debian project's computers to stop forwarding viruses.



Reply to: