North American Network Operators Group


Re: antivirus in smtp, good or bad?

  • From: Joe Maimon
  • Date: Tue Feb 03 11:56:39 2004


Daniel Senie wrote:

At 10:13 AM 2/3/2004, Joe Maimon wrote:



Daniel Senie wrote:

At 08:58 AM 2/3/2004, you wrote:
<snip>

Why must systems accept mail that's virus laden or otherwise not desired at a site?

The "bounce" you refer to invariably ends up going to the wrong person(s), so that's an exceptionally BAD idea. Many viruses (most of the recent ones) forge the sender information. So either accepting and silently dropping, or rejecting the SMTP session with a 55x are the only viable choices.

What you are saying is that every mailhost on the Internet should run up to date and efficient virus scanning? Pattern matching and header filtering? Should the executable attachment become outlawed on the Internet? Recognize when a "to be bounced email" is a spoof and discard the DSN?

I'm saying, if you are going to run a virus scanner on your mail server, then either have it reject at the SMTP level or drop the messages on the floor. Accepting the email and then bouncing it to someone who didn't send it further propagates the virus' annoyance level to otherwise unaffected people.

<snip>

I agree. Rejecting with a 550 after DATA completes is becoming more common and acceptable.

I think we have all agreed in previous threads that if a mail anti virus scanner does not know how to differentiate between a virus that spoofs the sender and one that doesn't, it should silently discard all virus infected email -- OR notify the local administrator/user at their choosing, but NOT bounce it.
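
Added example, not part of the original message or of any poster's code: an in-memory Python model of the two policies the thread settles on, a 550 at the end of DATA versus discard-and-notify-locally once a message has already been accepted. The scanner, the signature marker, the reply texts after the numeric codes and the postmaster address are constructed assumptions.

```python
INFECTED_MARKER = "X-CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for an AV signature
LOCAL_ADMIN = "postmaster@localhost"  # assumed local notification address

def scan(body):
    """Hypothetical scanner: True when the body carries the test marker."""
    return INFECTED_MARKER in body

def smtp_session(lines):
    """Minimal in-memory SMTP receiver; returns (replies, queued messages)."""
    replies, queued, body = [], [], []
    sender, rcpts, in_data = None, [], False
    for line in lines:
        if in_data and line != ".":
            body.append(line[1:] if line.startswith(".") else line)  # dot-unstuffing
        elif in_data:
            text = "\n".join(body)
            if scan(text):
                # Refuse at end of DATA: nothing is queued, so this host never
                # owes a DSN to the (possibly forged) envelope sender.
                replies.append("550 message rejected: virus detected")
            else:
                queued.append((sender, list(rcpts), text))
                replies.append("250 OK queued")
            sender, rcpts, body, in_data = None, [], [], False
        elif line.upper().startswith("MAIL FROM:"):
            sender = line[10:].strip()
            replies.append("250 OK")
        elif line.upper().startswith("RCPT TO:"):
            rcpts.append(line[8:].strip())
            replies.append("250 OK")
        elif line.upper() == "DATA":
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        else:
            replies.append("250 OK")  # HELO/EHLO etc., simplified
    return replies, queued

def handle_after_acceptance(sender, body, notify_local=True):
    """Scan after acceptance: a 550 is no longer possible, so discard, never bounce."""
    if not scan(body):
        return "deliver", []
    note = "discarded infected mail with envelope sender " + sender
    return "discard", ([(LOCAL_ADMIN, note)] if notify_local else [])
```

With the in-session 550, any non-delivery report is the responsibility of the connecting host, which for a direct-sending virus is the infected machine itself rather than the forged address.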