Re: virus scanning
On Sat, 2004-02-14 at 14:18, Russell Coker wrote:
> Could virus scanning be installed on master?
Yes, definatly. I'll even offer to do/help it.
On my server master.debian.org is the top-virus-sending host (~50 per
day last time I checked); installing an AV on master would save
> I'm getting virus bounces when master tries to send mail on to developers who
> have their machines configured to reject such messages, I've just got two
> from messages to Vincent.
> Vincent, would it be possible for you to configure your server to
> unconditionally accept mail from master and then send viruses to /dev/null?
> In a general sense rejecting a virus with a code 550 is good, but in the case
> of mail forwarders it just results in a bounce going to an innocent third
> party. While master lacks virus scanning the best thing to do is to accept
> the message and send it to /dev/null so that no bounces are generated.
You'd be right if antiviruses never raised false positives. It's very
rare, but it occasionnaly happens for new signatures. Also it provides a
way for people who are infected to know about it without having to send
a notification email (as most email headers from viruses are fake
> However sending 550 codes is ideal for mail that goes direct.
It's my opinion too, which is why I set this up a few weeks ago (Exim based setup details
available on request).
> Mail delivery failed: returning message to sender
> Date: Today 00:02:34
> From: Mail Delivery System <Mailer-Daemon@gluck.debian.org>
> To: firstname.lastname@example.org
> This message was created automatically by mail delivery software (Exim).
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
> SMTP error from remote mailer after end of data:
> host mail.renardias.com [220.127.116.11]: 550 This message contains a
> virus or other harmful content (Worm.SCO.A)
Here, the culprit is gluck: it accepted to forward an email containing a
virus without proper checking; it should either run an anvivirus or run
a proper mailing-list software: bounces should be handled by the
mailing-list software; NOT to the email sender.
I'll try to see if I can disable this feature for emails coming from
master anyway, but still I thing the best solution would be for the
Debian project's computers to stop forwarding viruses.