On Thu, 2004-05-13 at 14:58, Jason Haar wrote:
> On Thu, May 13, 2004 at 03:07:40PM +1000, Adam Goryachev wrote:
> > There are some disadvantages that should be considered, which don't
> > seem to have been noticed yet. Namely, *IF* a worm sent its message
> > using the configured SMTP relay, and the SMTP relay forwarded the
> > message to a system configured to 5xx the virus, then it will correctly
> > create a bounce message. This could in fact send a *known* virus
> > infected email, including the attachment, to the 'supposed' sender, who
> > may well wonder what attachment they sent to this person.
> 
> Wow - good call. That is a serious issue.
> 
> You will end up bouncing viruses to someone who isn't already infected with
> a virus.

-- snip --

> I'm warming up to SMTP rejects - but the fact that it will cause a copy of the
> virus to be bounced concerns me majorly. And no, there's nothing we can do
> about that - the SMTP client is what generates the bounce of that message -
> not the Q-S server.

This is a critical mass issue.  If rejecting (error 55x) mail servers
are the minority, then non-AV-enabled mail servers will propagate
viruses and spam innocent users with "you have a virus!" bounce
messages.  

On the other hand, if the majority of mail servers are AV-enabled and
are configured to reject viruses, no one will get "you have a virus!"
bounce messages and viruses can't propagate... whether they use their
own SMTP engine (because the receiving SMTP will return error 55x) or
they use an ISP mail server (because the ISP mail server will return
error 55x to the infected computer and refuse to pass the virus on).  

So yes, having q-s reject mail that contains viruses *may* cause some
users to get annoying bounces or even get infected via a bounce.  But it
will be progress... when the majority of mail servers reject
virus-infected mails, e-mail propagation of viruses will no longer be
effective.  And in the meantime, we'll be able to detect false positives
in AV scanners.  

- Jon

-- 
[EMAIL PROTECTED]

Administrator, tgpsolutions
http://www.tgpsolutions.com
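
The bounce behaviour argued over in this thread, as an added example that is not part of the original messages: a small model of where a 5xx reject ends up depending on which hops scan for viruses. The server names and the forged sender address are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Server:
    name: str
    rejects_viruses: bool  # AV-enabled and answers 5xx during the SMTP session

def deliver(path: List[Server], forged_sender: str) -> Tuple[str, Optional[str]]:
    """Follow one infected message through `path`, hop by hop.

    Returns (outcome, bounce_recipient). A bounce exists only when some
    server already accepted the message and a later hop refuses it.
    """
    holder: Optional[Server] = None  # last server that accepted the message
    for hop in path:
        if hop.rejects_viruses:
            if holder is None:
                # First hop refused: the sending client (worm engine or
                # infected PC) sees the 5xx itself. Nobody bounces anything.
                return "rejected at submission", None
            # A relay had already accepted the message, so the relay turns
            # the 5xx into a bounce to the (forged) envelope sender.
            return f"bounced by {holder.name}", forged_sender
        holder = hop
    return "delivered infected", None

def outcomes(forged_sender: str = "bystander@example.org"):
    """All four combinations of scanning / non-scanning relay and MX."""
    table = {}
    for relay_scans in (False, True):
        for mx_scans in (False, True):
            path = [Server("isp-relay", relay_scans), Server("dest-mx", mx_scans)]
            table[(relay_scans, mx_scans)] = deliver(path, forged_sender)
    return table

if __name__ == "__main__":
    for (relay, mx), result in outcomes().items():
        print(f"relay scans={relay!s:5} mx scans={mx!s:5} -> {result}")
    # Worm with its own SMTP engine talking straight to a rejecting MX:
    print(deliver([Server("dest-mx", True)], "bystander@example.org"))
```

Only the mixed case, a non-scanning relay in front of a rejecting destination, produces a bounce to the forged sender; once the relay also rejects, the refusal stays with the infected client.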
