> Hello list and Jason Haar, > > A discussion on a local mailing list here > raised an interesting point regarding the > new psender functionality in qmail-scanner >= 1.21. > > Previously, qmail-scanner sent notifications for > all incoming virus emails. This was prone to > SMTP forgery, but at least the senders of > legitimate emails that are falsely accused of > containing a virus would be notified that their > email had been quarantined. The down side was > that many inocent netizens were spammed with > "you sent us a virus" notifications. > > However, now with the psender functionality > we silently quarantine all viruses without > notifying the sender in any way. The sender > has every right to assume that his email was > delivered successfully, even though it might > not have been delivered at all. > If I'm not wrong, with psender the notification are sent to the sender when the mail is quarantined by perlscanner or when in the quarantine_event is found the word policy.
> This would be perfectly acceptable if all AV > software yielded a 0% false positive rate. > However, we all know that just isn't the case. > False positives DO happen. How can you know that there is a false positive? > > So why don't we change qmail-scanner to return > a 5xx SMTP error code and a short message when a > virus email is quarantined? > As you surely know, a 5xx is sent back to the return-path, and it is almost always faked... > That way, a legitimate sender will instantly > know that there is a problem with his email, > instead of believing that the email was delivered > successfully. If the email does not really > contain a virus (i.e. false positive) then he > can contact the mail server's administrator > and have the problem fixed. > > PROS: qmail-scanner still quarantines and blocks > viruses. > > Virus sender knows that virus was not > delivered successfully. > > We can still use psender functionality to > avoid spamming incocent netizens with > "you sent us a virus" notifications. > > CONS: ??? > > > What do you think? > >From my experience, I receive every day a lot of "virus warinnings" that are "false negatives", I use a Mac. Now I'm using spamassassin to block all those bogus virus warnnings, they are really spam. I think that psender is enough good it is not perfect, but it is better than spread spam all over the wordl in the form of "virus warnnings" or bounces talking about you maybe has sent a virus, and the queue of my server doesn't fill with undeliberabily mails to address that really don't exist ([EMAIL PROTECTED]) Regards Salvatore mail1.usc.urbe.it ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
