Re: virus scanning
On Mon, 16 Feb 2004 11:14, Vincent Renardias <vincent@renardias.com> wrote:
> > In a general sense rejecting a virus with a code 550 is good, but in the
> > case of mail forwarders it just results in a bounce going to an innocent
> > third party. While master lacks virus scanning the best thing to do is
> > to accept the message and send it to /dev/null so that no bounces are
> > generated.
>
> You'd be right if antiviruses never raised false positives. It's very
> rare, but it occasionnaly happens for new signatures. Also it provides a
> way for people who are infected to know about it without having to send
> a notification email (as most email headers from viruses are fake
> anyway)
No! A bounce gives EXACTLY the same result as those crappy anti-virus
messages that are plagueing us. It sends mail to an innocent third party.
There is no way that giving a 550 code for a virus coming from master will do
anyone any good!
> > vincent@renardias.com
> > SMTP error from remote mailer after end of data:
> > host mail.renardias.com [213.41.121.145]: 550 This message contains a
> > virus or other harmful content (Worm.SCO.A)
>
> Here, the culprit is gluck: it accepted to forward an email containing a
> virus without proper checking; it should either run an anvivirus or run
> a proper mailing-list software: bounces should be handled by the
> mailing-list software; NOT to the email sender.
Proper mailing list software will never send a bounce to the originator of the
message, it will merely track bounces and unsubscribe the user if necessary.
So if vincent@debian.org was managed as a mailing list then it would be the
same result as if you just sent viruses from master to /dev/null.
> I'll try to see if I can disable this feature for emails coming from
> master anyway, but still I thing the best solution would be for the
> Debian project's computers to stop forwarding viruses.
I agree. Every serious mail server needs anti-virus software.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: