
Re: Getting rid of worms and viruses




On Wed, 24 Sep 2003, Ross Boylan wrote:

> On Thu, Sep 25, 2003 at 01:14:04AM -0400, kmark@pipeline.com wrote:
> >
<snip>
>
> To reduce your downloads, it looks as if you can either use
> fetchmail's size limit (limit keyword, but it doesn't delete the
> message unless you use the somewhat dangerous flush option) or
> mailfilter for a somewhat more refined tool (use fetchmail's
> preconnect option to invoke it automatically).  I'm looking into
> installing mailfilter now.
I tried the preconnect but with some sort of errors??
>
> Oh, the other thing I notice is that fetchmail responds to various
> spam codes if you enable "antispam" option, and so could delete the
> message as soon as your MTA determines it's spam.  I think exim4, at
> least, has some options for making decisions before accepting the
> whole message.
>
> I'm a little worried that whatever test I put in is going to zap
> something real, and most likely it will also still let a lot of stuff
> through (e.g., bounce messages for which the attachment has been
> stripped).
>
> I'm ready to switch ISP's too, but I don't know who's better.  I did
> finally have an intelligent conversation with someone at earthlink
> today.  She said their numbers showed Swen had much lower penetration
> than Sobig (like 0.2% of all earthlink's mails), and they had made a
> policy decision not to filter it out.
I got an email. It said that they did not want to stop all attachments as
that would stop some legitimate ones. This is a stupid answer. Then they
said that they wanted to protect privacy by not scanning attachments. I
said if you can scan for spam, there is no difference in scanning for
viruses since they both scan the mail. They said 'sorry for the minor
inconvenience'. I said having my email box stuffed and me missing emails is
not a minor inconvenience. And their spam 'whitelist' is useless.
So, I said I will change to an ISP that does a better job and allows
encrypted email access.
-Kevin

> She wasn't familiar with all
> the reasons for the decision, but thought the resources required to
> filter (since it requires looking at message content, rather than just
> headers, to do it reliably) may have been a factor.  I asked her to
> relay my dissatisfaction with the situation, and suggested that their
> numbers might be missing lots of the mails, since I've seen several
> reports that Swen is the biggest viral worm yet.  It's certainly the
> biggest one I've been hit with, but maybe I'm just lucky.
>
> That I found this satisfying is a sad commentary on their support,
> which previously included mostly people not responding or telling me
> that they "couldn't" filter out the virus.  I get very annoyed when
> people make obviously false statements to justify inaction.
>
> Maybe I should point earthlink at Karsten Self's reasons to avoid
> challenge-response systems, since earthlink's "strong" spam protection
> feature is basically C-R for anyone not on your whitelist.  I have a
> feeling other ISPs (e.g. AOL?) are doing the same.  I use their medium
> setting, which does filter out some stuff.
>


