On Thu, May 13, 2004 at 03:07:40PM +1000, Adam Goryachev wrote: > There are some dis-advantages that should be considered, which don't > seem to have been noticed yet. Namely, *IF* a worm sent it's message > using the configured SMTP relay, and the SMTP relay forwarded the > message to a system configured to 5xx the virus, then it will correctly > create a bounce message. This could in fact send a *known* virus > infected email, including the attachment, to the 'supposed' sender, who > may well wonder what attachment they sent to this person.
Wow - good call. That is a serious issue. You will end up bouncing viruses to someone who isn't already infected with a virus. > So, previously we prevented the supposed sender from receiving the > virus, in this case, we don't. I would claim that it is bad for the > server bouncing the email to include the original email in entirety. I > would also suggest that it isn't 'our' problem, the supposed sender > should have their own AV software. Owch - have you no community spirit? ;-) Seriously, my current take on this is that the currrent system never sends viruses, and this "fix" will [effectively] cause Q-S to generate viruses Why does that scare me? > IMHO, over time, we will see more and more AV enabled SMTP servers, and > more and more of them will bounce emails rather than accepting them and > causing just as much headache by sending out 'you might have a virus' > alerts... Strange. From what I've seen, most commercial AV are going the way of Q-S. Either alert or drop - no SMTP rejects. I'm warming up to SMTP rejects - but the fact that will cause a copy of the virsus to be bounced concerns me majorly. And no, there's nothing we can do about that - the SMTP client is what generates the bounce of that message - not the Q-S server. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
