[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virus scanning

On Mon, 16 Feb 2004 11:14, Vincent Renardias <vincent@renardias.com> wrote:
> > In a general sense rejecting a virus with a code 550 is good, but in the
> > case of mail forwarders it just results in a bounce going to an innocent
> > third party.  While master lacks virus scanning the best thing to do is
> > to accept the message and send it to /dev/null so that no bounces are
> > generated.
> You'd be right if antiviruses never raised false positives. It's very
> rare, but it occasionnaly happens for new signatures. Also it provides a
> way for people who are infected to know about it without having to send
> a notification email (as most email headers from viruses are fake
> anyway)

No!  A bounce gives EXACTLY the same result as those crappy anti-virus 
messages that are plagueing us.  It sends mail to an innocent third party.  
There is no way that giving a 550 code for a virus coming from master will do 
anyone any good!

> >   vincent@renardias.com
> >     SMTP error from remote mailer after end of data:
> >     host mail.renardias.com []: 550 This message contains a
> > virus or other harmful content (Worm.SCO.A)
> Here, the culprit is gluck: it accepted to forward an email containing a
> virus without proper checking; it should either run an anvivirus or run
> a proper mailing-list software: bounces should be handled by the
> mailing-list software; NOT to the email sender.

Proper mailing list software will never send a bounce to the originator of the 
message, it will merely track bounces and unsubscribe the user if necessary.  
So if vincent@debian.org was managed as a mailing list then it would be the 
same result as if you just sent viruses from master to /dev/null.

> I'll try to see if I can disable this feature for emails coming from
> master anyway, but still I thing the best solution would be for the
> Debian project's computers to stop forwarding viruses.

I agree.  Every serious mail server needs anti-virus software.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: