AY> Can you install a virus scanner? Clam Anti-Virus is successfully
AY> blocking all of the virus-infected messages coming from this list
AY> on my MTA.

A general virus scanner is in the works for our system, but it will
require that we accept the mail prior to scanning it. I'd rather NOT
accept things that are going to be bounced, if possible. The scanner
is a last-ditch effort to keep infected files from reaching the user.

The reasons for avoiding accepting a bad message are several - I've
seen too many instances where the accept-analyze-bounce processing
chain is used to create an open relay. That's why I have Postfix
verify that an address is deliverable by checking the DBMail aliases
table. And why I wanted to detect UPX files in the MTA.

With forged return addresses, accept-analyze-bounce allows the virus
or worm to spread to the unfortunate person whose return address was
forged (Micah, in this case), only it now "originates" from "our"
server, instead of the infected machine.

If you program the MTA to accept-analyze-drop messages, you risk a
false positive not being noticed; if the MTA rejects a legitimate
message, the sender will not get a report about the error.

Also, tripping one of our spam filters kicks our MTA into "tarpit
mode", adding 20 seconds delay to each ACK sent out, slowing the
infected computer down... Sure, it doesn't fix the problem, but I feel
better about it! B-)

-- 
Jeff Brenton
Vice President,
Engineered Software Products, Inc
http://espi.com
Questionable web page: http://dididahdahdidit.com

Liberalism grants you the freedom to advocate any idea*.
 * Please see http://www.dididahdahdidit.com/except.php for a
   current list of exceptions
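
The reject-before-accept approach described in the message above, as an added example that is not part of the original post or the poster's configuration: the recipient is checked at RCPT TO and UPX-packed attachments are refused at end of DATA, so the connecting client gets the error in-session and no bounce is ever generated toward a forged sender. `DELIVERABLE`, the function names, the reply texts and the sample data are assumptions made for illustration; the UPX check is a heuristic on UPX's default section names.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for the DBMail aliases lookup the post mentions.
DELIVERABLE = {"user@example.org"}

def pe_section_names(data):
    """Return the PE section names, or [] if data is not a parseable PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe, = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of PE header
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return []
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20.
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size
    count = min(nsect, max(0, len(data) - table) // 40)  # ignore truncated rows
    offs = range(table, table + 40 * count, 40)
    return [data[o:o + 8].rstrip(b"\0") for o in offs]

def is_upx_packed(data):
    """Heuristic: UPX's default section names (UPX0, UPX1) are present."""
    return any(n.startswith(b"UPX") for n in pe_section_names(data))

def rcpt_reply(rcpt):
    """RCPT TO stage: refuse undeliverable recipients before any DATA."""
    ok = rcpt.lower() in DELIVERABLE
    return "250 2.1.5 Ok" if ok else "550 5.1.1 Recipient address rejected"

def data_reply(raw):
    """End-of-DATA stage: answer while the client is still connected."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        if is_upx_packed(part.get_payload(decode=True) or b""):
            return "554 5.7.1 Rejected: UPX-packed executable"
    return "250 2.0.0 Ok: queued"

def fake_pe(names):
    """Constructed minimal PE: DOS stub, COFF header, section table."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(n.ljust(40, b"\0") for n in names)

def sample_message(attachment):
    """Constructed message with one binary attachment."""
    m = EmailMessage()
    m.set_content("see attachment")
    m.add_attachment(attachment, maintype="application", subtype="octet-stream")
    return m.as_bytes()
```

Because both decisions are returned as SMTP replies during the session, a false positive is reported to the sending side by its own MTA, and nothing is queued locally that would later need a bounce.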
