North American Network Operators Group
Re: Clueless anti-virus products/vendors (was Re: Sober)
On Thursday 08 Dec 2005 18:08, Douglas Otis wrote:
> When accepting messages from anonymous sources, seldom does one know
> the source.

On the contrary, short of the tricks played on AOL to defeat their original antispam system, TCP means you always know the source.

We manage to filter out ~98% of the unwanted email here with very nearly 100% accuracy at the SMTP transaction stage with low processor overhead on our new email servers. At which point any backscatter from what gets through is trivial, although alas there still is a little due to evil practices of the past in then forwarding email elsewhere.

But the point of this discussion is that SMTP will have to evolve to be a point to point system (or functional equivalent). The days of store and forward in intermediate MTAs should die as quickly as possible (which as our forwarding demonstrates may be quite slowly alas).

The problem is that many of the antivirus gateways behave like new intermediate MTAs, especially when for many of the organisations involved it could easily be done during SMTP transactions.

The remaining issue is how much resource it costs to do your spam/malware detection, but I believe trying to do anything beyond policy enforcement ("no EXE/PIF/SCR here please") in terms of malware detection in the MTA is a mistake, especially when you only really need to protect the thick(!) clients, and they still need to be protected when the content is zipped/encrypted/novel/zipped+encrypted+novel etc.

This thread on the other hand should move to Spam-L.
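
An added illustration, not part of the original post: a sketch of the "no EXE/PIF/SCR" policy decided at the end of the SMTP DATA phase, so a refusal is a 5xx reply on the still-open connection rather than a later bounce to a possibly forged sender. The function names, reply texts and sample messages are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions refused by policy (the three named in the post).
BLOCKED_EXTENSIONS = {"exe", "pif", "scr"}


def blocked_attachment(raw: bytes):
    """Return the first attachment filename that violates policy, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()  # also decodes RFC 2231 encoded names
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "setup.exe." still runs.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension matters: "photo.jpg.scr" is an .scr file.
        ext = cleaned.rpartition(".")[2] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            return name
    return None


def end_of_data_reply(raw: bytes):
    """SMTP reply to send after the final '.' of DATA.

    Refusing here means the sending MTA, which is known from the TCP
    connection, owns the failure; nothing is queued and no bounce is
    generated toward the envelope sender.
    """
    name = blocked_attachment(raw)
    if name is not None:
        return 550, f"5.7.1 Attachment type not accepted here: {name!r}"
    return 250, "2.0.0 OK: queued"


def build_sample(filename: str) -> bytes:
    """Constructed test message carrying one placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"\x00placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

This is policy enforcement on declared filenames only; it does not inspect content, so zipped or encrypted attachments pass through to whatever protects the client.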