antivirus in smtp, good or bad?

Joe Maimon jmaimon at ttec.com
Tue Feb 3 16:49:40 UTC 2004




Daniel Senie wrote:

>
> At 10:13 AM 2/3/2004, Joe Maimon wrote:
>
>
>
>> Daniel Senie wrote:
>>
>>>
>>> At 08:58 AM 2/3/2004, you wrote:
>>
>>
>> <snip>
>>
>>> Why must systems accept mail that's virus laden or otherwise not 
>>> desired at a site?
>>>
>>> The "bounce" you refer to invariably ends up going to the wrong 
>>> person(s), so that's an exceptionally BAD idea. Many viruses (most 
>>> of the recent ones) forge the sender information. So either 
>>> accepting and silently dropping, or rejecting the SMTP session with 
>>> a 55x are the only viable choices.
>>
>>
>> What you are saying is that every mailhost on the Internet should run 
>> up to date and efficient virus scanning? Pattern matching and header 
>> filtering? Should the executable attachment become outlawed on the 
>> Internet? Recognize when a "to be bounced email" is a spoof and 
>> discard the DSN?
>
>
> I'm saying, if you are going to run a virus scanner on your mail 
> server, then either have it reject at the SMTP level or drop the 
> messages on the floor. Accepting the email and then bouncing it to 
> someone who didn't send it further propagates the virus' annoyance 
> level to otherwise unaffected people.
>
<snip>

I agree. Rejecting with a 550 after DATA completes is becoming more 
common and acceptable.

I think we have all agreed in previous threads that if a mail anti virus 
scanner does not know how to differentiate between a virus that spoofs 
the sender and one that doesn't, it should silently discard all virus 
infected email -- OR notify the local administrator/user at their 
choosing, but NOT bounce it.
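
The policy discussed in this thread, as an added example that is not part of the original post or any poster's code: a mail server decides between a 550 at the end of DATA and a silent discard with local notification, and never generates a bounce. The signature, addresses, reply texts and function names are constructed assumptions.

```python
from email import message_from_bytes
from email.message import EmailMessage
from enum import Enum

# Constructed stand-in for a scanner signature (assumption; not a real virus pattern).
TEST_SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

class Action(Enum):
    DELIVER = "250 2.0.0 Ok: queued"
    REJECT = "550 5.7.1 Message rejected: virus detected"
    DISCARD_NOTIFY_LOCAL = "discard; notify local administrator/user only"
    # Deliberately no BOUNCE action: a DSN would go to the forged envelope sender.

def is_infected(raw: bytes) -> bool:
    """Scan every MIME leaf part after undoing its transfer encoding."""
    for part in message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload and TEST_SIGNATURE in payload:
            return True
    return False

def decide(raw: bytes, session_open: bool) -> Action:
    """session_open: True if we have not yet replied to the end-of-DATA dot."""
    if not is_infected(raw):
        return Action.DELIVER
    if session_open:
        # Refuse in-session: the connecting host, not the forged sender, sees the 550.
        return Action.REJECT
    # Already accepted (post-queue scan): drop it and tell only local staff.
    return Action.DISCARD_NOTIFY_LOCAL

def constructed_sample(infected: bool) -> bytes:
    """Constructed message with a forged From and a base64 attachment."""
    msg = EmailMessage()
    msg["From"] = "bystander@example.org"  # forged by the sending host
    msg["To"] = "user@example.net"
    msg["Subject"] = "hello"
    msg.set_content("see attachment")
    body = b"prefix " + (TEST_SIGNATURE if infected else b"harmless") + b" suffix"
    msg.add_attachment(body, maintype="application", subtype="octet-stream",
                       filename="file.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    for infected in (False, True):
        for session_open in (True, False):
            raw = constructed_sample(infected)
            print(infected, session_open, decide(raw, session_open).name)
```

The attachment is base64-encoded on the wire, so a scan of the raw bytes would miss the signature; the decision is made on the decoded parts.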






