Clueless anti-virus products/vendors (was Re: Sober)

• Previous message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Next message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 5 Dec 2005, Douglas Otis wrote:

> A less than elegant solution as an alternative to deleting the message, is
> to hold the data phase pending the scan.

Contrary to your vision of this option, it is not only elegant; it happens
to be the *correct* thing to do.

Dropping the message on the floor is arguably stretching the bounds of
RFC2821.  If a message is going to be dropped because of a policy (such as a
worm/virus flag), you really should be rejecting after DATA with a RFC1893
5.7.x extended result code.

> Another solution would be not returning message content within a DSN.

If you're still sending to a forged address, how is this not still UBE...?

-- 
-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>

• Previous message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Next message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]