Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Tilghman Lesher zgp-org@the-tilghman.com
Tue Feb 10 16:00:02 PST 2004


On Tuesday 10 February 2004 17:33, Martin Pool wrote:
> On 10 Feb 2004, Ben Finney <ben@benfinney.id.au> wrote:
> > On 10-Feb-2004, Martin Pool wrote:
> > > In principle the smarthost admin could [manually determine the
> > > correct recipient host for a reject you generate].
> > >
> > > Of course if the admin was that smart and proactive then they
> > > probably wouldn't be relaying viruses in the first place, would
> > > they?
> >
> > Which, IMO, is pushing the problem in the right direction.  If
> > I'm generating a reject for known viruses, then *whoever* is
> > connecting to me and trying to pass it on needs to:
> >
> >   - FOAD (if they're doing it intentionally)
> >   - clean up their machine (if they're infected)
> >   - implement virus-reject policies themselves (if they're a
> > smarthost blithely passing it on to me)
>
> Yes, any of those would be nice.  But rejecting won't achieve them.

And dropping them on the floor will achieve them?  Sorry, but
rejecting a message has a far more likely chance of altering a remote
administrator's actions than accepting and disposing of messages
silently.  Dropping messages allows the problem to continue and
introduces the new problem of false positives disappearing silently.

> > How does dropping the message silently move us forward?
>
> Not at all.  However, rejecting them makes it worse, by generating
> extra noise to people who can do nothing about it.  First, do no
> harm.

The SMTP rule is that if you are not going to deliver a message, then
you are going to reject the message.  How is breaking that rule doing
no harm?  I see it as doing a great deal of harm.  Suddenly we have a
mail server that might deliver a message, might not, and if it
doesn't, there's no guarantee somebody will find out.

And don't deliver the malarkey about not having false positives.  The
only way to have no false positives is to have no positives.

-Tilghman




More information about the linux-elitists mailing list