antivirus in smtp, good or bad?
Joe Maimon
jmaimon at ttec.com
Tue Feb 3 16:49:40 UTC 2004
Daniel Senie wrote:
>
> At 10:13 AM 2/3/2004, Joe Maimon wrote:
>
>
>
>> Daniel Senie wrote:
>>
>>>
>>> At 08:58 AM 2/3/2004, you wrote:
>>
>>
>> <snip>
>>
>>> Why must systems accept mail that's virus laden or otherwise not
>>> desired at a site?
>>>
>>> The "bounce" you refer to invariably ends up going to the wrong
>>> person(s), so that's an exceptionally BAD idea. Many viruses (most
>>> of the recent ones) forge the sender information. So either
>>> accepting and silently dropping, or rejecting the SMTP session with
>>> a 55x are the only viable choices.
>>
>>
>> What you are saying is that every mailhost on the Internet should run
>> up to date and efficient virus scanning? Pattern matching and header
>> filtering? Should the executable attachment become outlawed on the
>> Internet? Recognize when a "to be bounced email" is a spoof and
>> discard the DSN?
>
>
> I'm saying, if you are going to run a virus scanner on your mail
> server, then either have it reject at the SMTP level or drop the
> messages on the floor. Accepting the email and then bouncing it to
> someone who didn't send it further propagates the virus' annoyance
> level to otherwise unaffected people.
>
<snip>
I agree. Rejecting with a 550 after DATA completes is becoming more
common and acceptable.
I think we have all agreed in previous threads that if a mail anti virus
scanner does not know how to differentiate between a virus that spoofs
the sender and one that doesn't, it should silently discard all virus
infected email -- OR notify the local administrator/user at their
choosing, but NOT bounce it.
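
Added example (not part of the original message or thread): a small Python model of the choices discussed above, showing which addresses a mail server itself ends up mailing under each policy when the envelope sender is forged. The scanner stand-in, the marker string, the reply texts and all addresses are constructed assumptions.

```python
from email.message import EmailMessage

# Constructed marker standing in for a real scanner signature (assumption).
TEST_SIGNATURE = b"X-CONSTRUCTED-TEST-MALWARE-MARKER"
POSTMASTER = "postmaster@example.net"  # hypothetical local admin address


def is_infected(raw: bytes) -> bool:
    """Stand-in for a real virus scanner: flags the constructed marker."""
    return TEST_SIGNATURE in raw


def _mail(sender: str, rcpt: str, subject: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    return msg


def end_of_data(mail_from: str, raw: bytes, policy: str):
    """Return (smtp_reply, outbound) for the final '.' of DATA.

    outbound lists mail this server would itself generate.
    policy: 'reject', 'discard', 'notify_admin', or 'bounce' (anti-pattern).
    """
    if not is_infected(raw):
        return "250 2.0.0 Ok: queued", []
    if policy == "reject":
        # Refuse before accepting responsibility: nothing is sent to the
        # (possibly forged) MAIL FROM address by this server.
        return "550 5.7.1 Message rejected: virus detected", []
    if policy == "discard":
        return "250 2.0.0 Ok", []
    if policy == "notify_admin":
        return "250 2.0.0 Ok", [_mail(POSTMASTER, POSTMASTER, "Infected mail dropped")]
    if policy == "bounce":
        # Anti-pattern: the DSN goes to whoever the virus put in MAIL FROM.
        return "250 2.0.0 Ok", [_mail("MAILER-DAEMON@example.net", mail_from, "Undelivered mail")]
    raise ValueError(f"unknown policy: {policy}")


# Constructed sample: a worm on some other host forged victim@example.org.
FORGED_SENDER = "victim@example.org"
SAMPLE = b"From: victim@example.org\r\nSubject: hi\r\n\r\n" + TEST_SIGNATURE

if __name__ == "__main__":
    for policy in ("reject", "discard", "notify_admin", "bounce"):
        reply, outbound = end_of_data(FORGED_SENDER, SAMPLE, policy)
        print(f"{policy:13} {reply!r:50} mail sent to: {[m['To'] for m in outbound]}")
```

Only the bounce policy produces mail addressed to the forged sender; reject, discard and notify_admin never contact that address.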