Re: virus scanning

To: Vincent Renardias <vincent@renardias.com>
Cc: debian-devel@lists.debian.org
Subject: Re: virus scanning
From: Russell Coker <russell@coker.com.au>
Date: Mon, 16 Feb 2004 11:49:50 +1100
Message-id: <[🔎] 200402161149.50482.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 1076890459.6348.3502.camel@vincent>
References: <[🔎] 200402150018.07750.russell@coker.com.au> <[🔎] 1076890459.6348.3502.camel@vincent>

On Mon, 16 Feb 2004 11:14, Vincent Renardias <vincent@renardias.com> wrote:
> > In a general sense rejecting a virus with a code 550 is good, but in the
> > case of mail forwarders it just results in a bounce going to an innocent
> > third party.  While master lacks virus scanning the best thing to do is
> > to accept the message and send it to /dev/null so that no bounces are
> > generated.
>
> You'd be right if antiviruses never raised false positives. It's very
> rare, but it occasionnaly happens for new signatures. Also it provides a
> way for people who are infected to know about it without having to send
> a notification email (as most email headers from viruses are fake
> anyway)

No!  A bounce gives EXACTLY the same result as those crappy anti-virus 
messages that are plagueing us.  It sends mail to an innocent third party.  
There is no way that giving a 550 code for a virus coming from master will do 
anyone any good!

> >   vincent@renardias.com
> >     SMTP error from remote mailer after end of data:
> >     host mail.renardias.com [213.41.121.145]: 550 This message contains a
> > virus or other harmful content (Worm.SCO.A)
>
> Here, the culprit is gluck: it accepted to forward an email containing a
> virus without proper checking; it should either run an anvivirus or run
> a proper mailing-list software: bounces should be handled by the
> mailing-list software; NOT to the email sender.

Proper mailing list software will never send a bounce to the originator of the 
message, it will merely track bounces and unsubscribe the user if necessary.  
So if vincent@debian.org was managed as a mailing list then it would be the 
same result as if you just sent viruses from master to /dev/null.

> I'll try to see if I can disable this feature for emails coming from
> master anyway, but still I thing the best solution would be for the
> Debian project's computers to stop forwarding viruses.

I agree.  Every serious mail server needs anti-virus software.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- virus scanning
  - From: Russell Coker <russell@coker.com.au>
- Re: virus scanning
  - From: Vincent Renardias <vincent@renardias.com>

Prev by Date: Re: Why Linux, Why Debian
Next by Date: proftpd-mysql 1.2.9-2 mod_quotatab_sql
Previous by thread: Re: virus scanning
Next by thread: apt-get locking dpkg
Index(es):
- Date
- Thread