North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: antivirus in smtp, good or bad?
- From: Joe Maimon
- Date: Tue Feb 03 11:56:39 2004
Daniel Senie wrote:
At 10:13 AM 2/3/2004, Joe Maimon wrote:
Daniel Senie wrote:
At 08:58 AM 2/3/2004, you wrote:
<snip>
Why must systems accept mail that's virus laden or otherwise not
desired at a site?
The "bounce" you refer to invariably ends up going to the wrong
person(s), so that's an exceptionally BAD idea. Many viruses (most
of the recent ones) forge the sender information. So either
accepting and silently dropping, or rejecting the SMTP session with
a 55x are the only viable choices.
What you are saying is that every mailhost on the Internet should run
up to date and efficient virus scanning? Pattern matching and header
filtering? Should the executable attachmant become outlawed on the
Internet? Recognize when a "to be bounced email" is a spoof and
discard the DSN?
I'm saying, if you are going to run a virus scanner on your mail
server, then either have it reject at the SMTP level or drop the
messages on the floor. Accepting the email and then boucing it to
someone who didn't send it further propagates the virus' annoyance
level to otherwise unaffected people.
<snip>
I agree. Rejecting with a 550 after DATA completes is becoming more
common and acceptable.
I think we have all agreed in previous threads that if a mail anti virus
scanner does not know how to differentiate between a virus that spoofs
the sender and one that doesnt, it should silently discard all virus
infected email -- OR notify the local administrator/user at their
choosing, but NOT bounce it.
|