To send or not to send 'virus in email' notifications?

Stewart, William C (Bill), RTSLS billstewart at att.com
Wed Aug 20 23:41:49 UTC 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The right answer for the original question is probably
"Buy an email server package with virus scanning hooks" or
"Get a virus scanner with sendmail milter hooks"
rather than specific details of how to set it...

The suggestion to do virus filtering during the 
message transfer stage rather than the delivery stage is good.
It looks like sendmail milters can be tweaked to do this,
though unless they can recognize the virus from the mail headers,
they have to wait until the end-of-message hook to do it,
i.e. after the whole virus has been transferred
but before the message acceptance codes get transferred.
It's too bad that it's difficult to send a reject code 
and continue a teergrube at the same time.

For virus scanners that run at other stages in the delivery process,
the right decision about whether to do a notification or not
is virus-dependent, if your anti-virus package supports it.
Sobig almost always forges sender addresses, so it shouldn't get a reply,
but some other viruses don't forge the sender, and should get the reply.
Limiting the responses to once a week per sender or whatever may help,
but only if the same sender gets forged a lot.

Yet another reason to cryptographically sign your outgoing mail,
not that I usually do so or that most people or mail clients check.

		Thanks; Bill Stewart

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: PGP Freeware 703

iQA/AwUBP0QHO7JBeu7P+eyUEQK4xACgwIEKFP47bIyOZ3ABzm5fxm8AsyQAoI8L
mnmDP9h63r+REIlTzTBdltSM
=8pMy
-----END PGP SIGNATURE-----
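
The notification policy described in the message above (no reply for sender-forging viruses, at most one reply per sender per week), as an added example that is not part of the original post. The family name `ExampleWorm`, the class and function names, the null-sender check and the sample events are assumptions made for illustration; only Sobig's forging behaviour comes from the message.

```python
from datetime import datetime, timedelta

# Families known to forge the sender address. Only Sobig is named in the post;
# a real deployment would take this from its anti-virus package (assumption).
FORGING_FAMILIES = {"sobig"}
NOTIFY_INTERVAL = timedelta(days=7)  # "once a week per sender"


class NotificationPolicy:
    """Decide whether an infected message should trigger a notice to its sender."""

    def __init__(self):
        self._last_notified = {}  # normalized sender -> time of last notice

    def should_notify(self, family, sender, now):
        """Return (decision, reason) for one infected message."""
        if sender in ("", "<>"):
            # Added safeguard, not from the post: never answer a null sender.
            return False, "null-sender"
        if family.lower() in FORGING_FAMILIES:
            return False, "forged-sender"
        key = sender.strip().lower()
        last = self._last_notified.get(key)
        if last is not None and now - last < NOTIFY_INTERVAL:
            return False, "rate-limited"
        self._last_notified[key] = now
        return True, "notify"


def run(events):
    """Apply one policy instance to (family, sender, time) events in order."""
    policy = NotificationPolicy()
    return [policy.should_notify(f, s, t)[1] for f, s, t in events]


# Constructed sample events; "ExampleWorm" is a hypothetical non-forging family.
T0 = datetime(2003, 8, 20, 12, 0)
SAMPLE = [
    ("Sobig", "a@example.org", T0),                            # forged: stay silent
    ("ExampleWorm", "b@example.org", T0),                      # first notice
    ("ExampleWorm", "B@example.org", T0 + timedelta(days=1)),  # same sender, same week
    ("ExampleWorm", "c@example.org", T0 + timedelta(days=1)),  # new sender: limiter is no help
    ("ExampleWorm", "b@example.org", T0 + timedelta(days=8)),  # interval has passed
    ("ExampleWorm", "<>", T0),                                 # null sender
]

if __name__ == "__main__":
    for event, reason in zip(SAMPLE, run(SAMPLE)):
        print(event[0], event[1], "->", reason)
```

The fourth event shows the limit the message points out: the weekly cap only suppresses repeats to an address it has already seen, so it does nothing when each infected message carries a different sender.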



