On Tue, Sep 21, 2004 at 06:39:25PM -0500, Damian Menscher wrote:
As a riposte: I'm not alone in this, far from it, actually. A similar request was recently issued by virusalert.nl, a dutch organisation on virus prevention. See http://www.virusalert.nl/?show=nieuws&id=559
I attempted to use the Fish to translate, and looked at their little picture of the situation. Maybe I'm missing something, but they're not talking about not rejecting. They're talking about not bouncing (sending out non-delivery notifications in response to EVERY virus). There's a huge difference. I think you'd be hard-pressed to find a legitimate company suggesting making email unreliable.
[...]However, if the remote end is a real mailserver, either because theThat is not your fault. It is the fault of the remote mailserver. Educate them.
Seriously, you cannot possibly expect all mail servers out there to suddenly install decent virus filters. Some mail servers will probably never install virus filters, instead using other lines of defense against viruses. You cannot dictate how someone else runs their server.
Of course not. But then they get to handle all the complaints from users getting bounces from them. That's their choice.
Also, I think people tend to over-state the scale of the problem here. You don't need to worry about *all* mail relays on the planet. Only those that have legitimate mail to relay to your users. In my experience, that number is rather small, and typically the relays are hosted by the same organization.
So, the effect of the 5xx reject is, in the worst case, resulting in the virus being sent elsewhere (in the form of a bounce). So while you're protecting your own users, you are directing the virus "attack" to some unsuspecting bystander.
My users take priority over protecting some idiot admin from having to install a virus scanner on their mail relay.
True. However, sit at an ISP helpdesk for a day and you'll learn how email does get lost. People are simply clumsy with it. That's reality :( We're not living in the friendly academic internet of 1993 anymore.
*shrug* My servers don't lose email.
And, the people complaining about bogus virus notifications is far greater than the number of people complaining about not receiving a warning after sending a virus.
THAT IS BECAUSE THEY DON'T KNOW! THIS IS THE ENTIRE POINT OF THE DISCUSSION.
It probably comes down to the number of false positives that can be expected. I've found a bit of ranting on the net, about virus scanners seeing eachother as false positives, and mcafee having lots of false positives, but I haven't found any hard statistics, unfortunatly. Is anyone aware of something tangible?
I've seen something like 3 messages to me get blocked, and have had one outgoing message get blocked. That's the ones I know about. Also there's the frequent posts on this list about where to submit false positives. I think it's a bigger problem than most people realize, specifically because they never find out when it happens.
Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=-
------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
