North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: To send or not to send 'virus in email' notifications?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The right answer for the original question is probably "Buy an email server package with virus scanning hooks" or "Get a virus scanner with sendmail milter hooks" rather than specific details of how to set it... The suggestion to do virus filtering during the message transfer stage rather than the delivery stage is good. It looks like sendmail milters can be tweaked to do this, though unless they can recognize the virus from the mail headers, they have to wait until the end-of-message hook to do it, i.e. after the whole virus has been transferred but before the message acceptance codes get transferred. It's too bad that it's difficult to send a reject code and continue a teergrube at the same time. For virus scanners that run at other stages in the delivery process, the right decision about whether to do a notification or not is virus-dependent, if your anti-virus package supports it. Sobig almost always forges sender addresses, so it shouldn't get a reply, but some other viruses don't forge the sender, and should get the reply. Limiting the responses to once a week per sender or whatever may help, but only if the same sender gets forged a lot. Yet another reason to cryptographically sign your outgoing mail, not that I usually do so or that most people or mail clients check. Thanks; Bill Stewart -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> Comment: PGP Freeware 703 iQA/AwUBP0QHO7JBeu7P+eyUEQK4xACgwIEKFP47bIyOZ3ABzm5fxm8AsyQAoI8L mnmDP9h63r+REIlTzTBdltSM =8pMy -----END PGP SIGNATURE-----