Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Martin Pool mbp@samba.org
Tue Feb 10 16:12:44 PST 2004


On 10 Feb 2004, Tilghman Lesher <zgp-org@the-tilghman.com> wrote:
> On Tuesday 10 February 2004 17:33, Martin Pool wrote:
> > On 10 Feb 2004, Ben Finney <ben@benfinney.id.au> wrote:

> > > Which, IMO, is pushing the problem in the right direction.  If
> > > I'm generating a reject for known viruses, then *whoever* is
> > > connecting to me and trying to pass it on needs to:
> > >
> > >   - FOAD (if they're doing it intentionally)
> > >   - clean up their machine (if they're infected)
> > >   - implement virus-reject policies themselves (if they're a
> > > smarthost blithely passing it on to me)
> >
> > Yes, any of those would be nice.  But rejecting won't achieve them.
> 
> And dropping them on the floor will achieve them?

I didn't say that.  I said that absorbing them will avoid generating
extra junk.  

Given that neither absorbing nor rejecting is likely to make the
smarthost shape up, I prefer the one that does not annoy other random
people.  Is that so bad?

> Sorry, but rejecting a message has a far more likely chance of
> altering a remote administrator's actions than accepting and
> disposing of messages silently.

Why is that?  I don't think admins who are so slack as to pass viruses
are going to notice them.  Do you think they will?

> Dropping messages allows the problem to continue and introduces the
> new problem of false positives disappearing silently.

I didn't (mean to) say necessarily drop them: personally, I sequester
them and check for false positives every so often.

> The SMTP rule is that if you are not going to deliver a message, then
> you are going to reject the message.  How is breaking that rule doing
> no harm?  I see it as doing a great deal of harm.  Suddenly we have a
> mail server that might deliver a message, might not, and if it
> doesn't, there's no guarantee somebody will find out.

SMTP was designed for a kinder world, when it was safe to have open
relays and forging was rare.  Today, a large fraction (>50%?) of mail
has forged addresses and contains malware.  Different situations
require different responses.

Anyhow, SMTP never promised that accepting a message was a guarantee
that it will be promptly read by a human.  Destination-side filtering
after receipt is perfectly OK.  Don't drop it unless you're absolutely
sure, just file it somewhere safe.

> And don't deliver the malarkey about not having false positives.  The
> only way to have no false positives is to have no positives.

Well, in that case just accept everything.  

-- 
Martin 