North American Network Operators Group
Re: antivirus in smtp, good or bad?
Daniel Senie wrote:
At 08:58 AM 2/3/2004, you wrote:
Why must systems accept mail that's virus laden or otherwise not desired at a site?
What you are saying is that every mailhost on the Internet should run up to date and efficient virus scanning? Pattern matching and header filtering? Should the executable attachment become outlawed on the Internet? Recognize when a "to be bounced email" is a spoof and discard the DSN?
Will the concept of SMTP relaying die? Should the "bounce" become archaic?
Perhaps SPF/RMX or the "mail from" smtp callbacks would help eliminate the spoofed sender problem?
That could significantly raise the bar on MTA costs. Pattern matching on headers/attachments, while not strictly speaking 100% accurate (are emails with subject line of "Hi!" permitted on the Internet anymore?) is usually performance sensitive.
However there is the issue of manual intervention required to keep things up to date and as we know constant care and feeding of systems by admins is not cheap.
Full blown signature based virus scanning, while automated, is NOT performance sensitive. Any sufficiently large MX will see a big hit if they perform that. In many cases the virus scanning rate will become the practical bottleneck.
And we all know that SPF is on public trial now. We can watch and see. However, until you reject non-SPF email, it is unlikely to eliminate the spoofed email from hitting your spools.
SMTP call backs? Wasn't there some b*tching about that here recently?
Besides, even with signature based virus scanning, updates can occur slowly enough to allow a virus enough time to spread. Being that the case with many installed anti virus systems is updates maybe daily, it should not be a surprise how all these supposedly protected edge sites managed to get some infections. The alternative is to DOS the AV vendor.
As I tell my customers, just delete the undeliverable notices if they do not apply to you. One day, Mozilla/Thunderbird or others might even run that through a "references a message I sent?" check for you.
I do not think it is so simple.
On a positive note, I believe that MTAs are standardizing the feature of separate timeouts for DSN emails. That should lower spool sizes.
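The "references a message I sent?" check mentioned in the message above, as an added example that is not part of the original thread: it pulls the original Message-ID out of an RFC 3464 delivery status notification and compares it with IDs recorded at send time. The function names, the `sent_ids` store and the sample DSN are assumptions made for illustration.

```python
import email
from email import policy

# Constructed sample DSN, trimmed (the human-readable first part is left out).
SAMPLE_DSN = b"""\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; bob@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Message-ID: <20040203.1234@example.org>
From: alice@example.org
Subject: Hi!

--b1--
"""

def dsn_original_message_id(raw_dsn):
    """Return the Message-ID of the message a DSN reports on, or None."""
    msg = email.message_from_bytes(raw_dsn, policy=policy.default)
    rtype = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() != "multipart/report" or rtype != "delivery-status":
        return None  # not an RFC 3464 report (free-form bounces land here too)
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":         # full original message returned
            original = part.get_content()
        elif ctype == "text/rfc822-headers":  # only the original headers returned
            original = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        mid = original["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify_bounce(raw_dsn, sent_ids):
    """'ours' if the DSN cites a Message-ID logged at send time, else 'backscatter'."""
    mid = dsn_original_message_id(raw_dsn)
    return "ours" if mid in sent_ids else "backscatter"
```

A bounce that is not in `multipart/report` form is classified as backscatter here, so a deployment that still receives free-form bounces from older MTAs would need a fallback before discarding anything.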