Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)
Tue Feb 10 16:12:44 PST 2004
On 10 Feb 2004, Tilghman Lesher <firstname.lastname@example.org> wrote:
> On Tuesday 10 February 2004 17:33, Martin Pool wrote:
> > On 10 Feb 2004, Ben Finney <email@example.com> wrote:
> > > Which, IMO, is pushing the problem in the right direction. If
> > > I'm generating a reject for known viruses, then *whoever* is
> > > connecting to me and trying to pass it on needs to:
> > >
> > > - FOAD (if they're doing it intentionally)
> > > - clean up their machine (if they're infected)
> > > - implement virus-reject policies themselves (if they're a
> > > smarthost blithely passing it on to me)
> > Yes, any of those would be nice. But rejecting won't achieve them.
> And dropping them on the floor will achieve them?
I didn't say that. I said that absorbing them will avoid generating
Given that neither absorbing nor rejecting is likely to make the
smarthost shape up, I prefer the one that does not annoy other random
people. Is that so bad?
> Sorry, but rejecting a message has a far more likely chance of
> altering a remote administrator's actions than accepting and
> disposing of messages silently.
Why is that? I don't think admins who are so slack as to pass viruses
are going to notice them. Do you think they will?
> Dropping messages allows the problem to continue and introduces the
> new problem of false positives disappearing silently.
I didn't (mean to) say necessarily drop them: personally, I sequester
them and check for false positives ever so often.
> The SMTP rule is that if you are not going to deliver a message, then
> you are going to reject the message. How is breaking that rule doing
> no harm? I see it as doing a great deal of harm. Suddenly we have a
> mail server that might deliver a message, might not, and if it
> doesn't, there's no guarantee somebody will find out.
SMTP was designed for a kinder world, when it was safe to have open
relays and forging was rare. Today, a large fraction (>50%?) of mail
has forged addresses and contains malware. Different situations
require different responses.
Anyhow, SMTP never promised that accepting a message was a guarantee
that it will be promptly read by a human. Destination-side filtering
after receipt is perfectly OK. Don't drop it unless you're absolutely
sure, just file it somewhere safe.
> And don't deliver the malarkey about not having false positives. The
> only way to have no false positives is to have no positives.
Well, in that case just accept everything.