Jerry wrote: > > Lets take this from the top. > > You, and other advocates of enforced screening of sent e-mail are > assuming that all individuals who send e-mail would abide by that > edict. Obviously you know that is a false assumption. Spammers > obviously would not adhere to that edict; nor would the majority of > casual e-mail users. There is just no incentive to do so. It therefore > becomes the responsibility of the recipient to insure the integrity of > the document(s) that they accept. >
Abide by what edict? Email marked as containing a virus is simply rejected. If a spammer or bot wishes to send out viruses from my network, they'll have to bypass my MTA to do it, which is more difficult since very few machines on my network have permission to send out via port 25. > Second, you appear to be under some sort of misguided belief that all > scanning engines are equal and that they are 100% accurate. In > actuality, that is another fallacy. > No, but they are 100% better than nothing. > Third, you seem to believe that the sending of a malicious e-mail would > result in your network being blacklisted. That is also false. Now, if > you were sending a multitude of such documents, that could very well > happen. However, if you are in fact sending hundreds of malicious > documents you have problems that far transcend simply screening of your > transmissions. In reality, a user running his own mail server has a > greater chance of getting blacklisted if they produce 'backscatter'. > The point is that if a machine on my network gets infected with something that wants to start spewing malicious emails, I'm much better off if I am at least attempting to block it. Sure, there may be a delay before the AV system can detect them, but once it can, those emails will be blocked. My network may not be blacklisted (by the public lists) for sending a few malicious emails, but if I don't detect that a machine is infected and continue to send them, it will be more likely. Besides, try sending me a single virus and you will be blocked from my network for about 2 hours, so even if the public lists are not that sensitive, quite a few private ones are. > You have to, or at least should screen all received documents anyway. > Wasting time and resources to do it on transmitted as well as received > ones is redundant. If your network is spewing large amounts of garbage > you do have a serious problem. One that should be corrected at the > source. If you don't know how, or lack the fortitude to do so, then > perhaps you should consider hiring a professional to do it for you. > Of course everyone has to screen incoming mail, but screening your outgoing mail will help prevent your network from becoming part of the problem. No matter how careful you are, almost everyone's network will have some sort of virus or trojan infection (or hacked server) at some point. -- Bowie _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
