>
> ----- Original Message -----
> From: "Simon Byrnand" <[EMAIL PROTECTED]>
> To: "Daniel Quinlan" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, June 27, 2003 7:37 AM
> Subject: Re: [SAtalk] Blocked File Attachment (OT)
>
>
>> At 21:46 26/06/03 -0700, Daniel Quinlan wrote:
>> >Simon Byrnand <[EMAIL PROTECTED]> writes:
>> >
>> > > <offtopic rant>
>> > >
>> > > *SIGH*
>> > >
>
> Guys, it's not quite as stated before here. The headers of that particular
> e-mail clearly show that the virus was posted to this mailing list, it was
> not merely a forged from: address.

Umm, I actually did point out that the To: address was the mailing list
post address in my message, I never said otherwise. The virus was indeed
posted to the list, but for some reason, nobody has yet picked up on my
comment that the virus scanners are not *replying* to the list, (read the
messages and it's obvious) the messages we're getting are because the
simple-minded and broken virus scanners are sending the message to the
address in the "To:" header of the message body.

Probably because they use some kind of simplistic message re-injection
arrangement where the "filtered" message (or virus report) is just
reinjected back into the input of the mailserver instead of incorporating
the virus scanner as a filter.

This method of integrating a virus scanner (or spam filter for that
matter) into a mailserver is just plain broken, and trivially exploitable
to use as a virus/spam amplifier and/or redirector...

> My qmail-scanner quarantined it and is
> intelligent enough to recognize the sender is a mailing list and didn't
> send a notification. Great work by the programmer of qmail-scanner.

Indeed, and that's how it should be done. If you're going to reply to the
sender at all it should be the envelope-sender address you reply to, since
it's effectively a delivery failure. (Message blocked due to a virus)

But IMHO a virus scanner should never reply to the sender these days, as
the majority of viruses now forge the from address, including the
envelope-from so innocent parties receive bogus virus warnings all the
time, which in fact, is just another form of spam. (That's the on-topic part
of this message :)

Regards,
Simon


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
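
The recipient decision argued for in the message above, as an added example that is not part of the original post and is not qmail-scanner's code. The header names, sender markers, function name and sample messages are assumptions chosen for illustration: the notice goes only to the envelope sender, never to an address taken from the To: header, it is suppressed for list traffic, and by default it is not sent at all.

```python
from email import message_from_string

# Assumed heuristics for spotting mailing-list traffic (not qmail-scanner's).
LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe", "Mailing-List")
BULK_PRECEDENCE = {"bulk", "list", "junk"}
LIST_SENDER_MARKERS = ("-bounces", "-admin", "-request", "-owner", "owner-")


def notification_recipient(envelope_sender, raw_message, notify_senders=False):
    """Return the address a 'virus blocked' notice may go to, or None.

    envelope_sender is the SMTP MAIL FROM value handed over by the MTA.
    The To:/From: headers inside the message are never used as a recipient.
    """
    if not notify_senders:
        return None  # default policy: forged senders make replies pointless
    sender = (envelope_sender or "").strip().strip("<>").lower()
    if "@" not in sender:
        return None  # null sender (<>): the message is itself a bounce
    msg = message_from_string(raw_message)
    if any(msg.get(h) for h in LIST_HEADERS):
        return None  # list traffic: a reply would reach the list machinery
    if (msg.get("Precedence") or "").strip().lower() in BULK_PRECEDENCE:
        return None
    local_part = sender.split("@", 1)[0]
    if any(marker in local_part for marker in LIST_SENDER_MARKERS):
        return None  # envelope sender looks like a list bounce address
    return sender


# Constructed sample messages (not taken from the thread).
LIST_MAIL = """\
From: someone@example.org
To: list-post@lists.example.net
Precedence: bulk
List-Id: <list.lists.example.net>
Subject: constructed sample

body
"""
DIRECT_MAIL = """\
From: forged@example.com
To: victim@example.net
Subject: constructed sample

body
"""
```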
