Set your virus to hold and not delete...then you will see many a spam in there being held because of broken email clients. They were caught by the Virus program...
Jim Rooth
Klotron, Inc.
214.244.0979
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser
Sent: Tuesday, February 18, 2003 2:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Tuning Declude

Hey, Scott!

>
> >From my point of view, a false positive is a false positive is a false
> >positive. I just need to make sure that a message has to fail more than the
> >BADHEADERS test to get rejected.
>
> On the other hand, with this attitude, it will be impossible to stop
> viruses in the future.

I guess I'm a little unclear on why virus checking would have any overlap with spam checking.

> The problem is that detecting malformed E-mail is a very important part of
> the process in stopping spam and viruses, as many spamware programs use
> broken headers (or let the spammers create their own headers), and viruses
> will take advantage of known vulnerabilities.

I understand that it is an important part of the process for spam. I don't necessarily see what that has to do with viruses. Are a lot of Virus Protection Vendors checking broken e-mail headers to intercept spam?

> Having an occasional spam come through so you can get legitimate E-mail
> from broken mailers may be acceptable. But what happens when you have to
> choose between accepting legitimate mail from broken mailers or protecting
> yourself against viruses?

Obviously protecting yourself from viruses would always win out over receiving legitimate e-mail. We aren't going to let a virus into our system just so someone can receive an e-mail message. If a legitimate e-mail is being tracked as a virus we would have no choice but to get the sender to change something on their end.

> There are a number of recently discovered
> vulnerabilities that some legitimate mailers are using (unintentionally, of
> course), that *must* be blocked (without blocking them, future viruses will
> be allowed to bypass virus scanners on the mailserver).

I see what you're saying there.

> It's also very important to remember that lots of this legitimate broken
> E-mail gets lost, anyways. Many mailservers will block such E-mail. And
> in many cases, the mail gets lost in inboxes.

I understand that when possible broken e-mail needs to be fixed.

> It's a choice of dealing with it now or dealing with it later. Waiting
> means that you'll receive more spam now, and you'll probably have to get
> hit with a virus outbreak before dealing with the problem, which can be
> very costly.

Well, obviously I'm dealing with it now.

> Of course, the choice is completely up to you, and only you can know your
> unique situation well enough to determine whether or not to allow such
> E-mail through.

Specifically what type of e-mail are you talking about?

> > > The only legitimate mail that the BADHEADERS test catches is mail that has
> > > broken headers (which may never reach you anyways). Whenever legitimate
> > > E-mail fails the BADHEADERS test, I strongly recommend fixing the
> > > problem. In most cases, blocking based on the BADHEADERS test alone is
> > > very useful.
> >
> >So how would you recommend fixing the problem?
>
> We are always willing to deal with legitimate companies who have products
> that are sending out broken E-mail (either failing the BADHEADERS test in
> Declude JunkMail, or getting caught as vulnerabilities with Declude
> Virus). In the majority of cases, though, upgrading to the latest version
> of the software used to send the mail is all that is required (and if
> someone is sending broken mail and isn't willing to upgrade, they have to
> accept the consequences).

Is there any way to tell what about a particular message raises the BADHEADERS flag?

Thanks for all of your help!

Dan Geiser <[EMAIL PROTECTED]>

====================================================================
This E-mail is scanned and free from viruses.
www.nexustechgroup.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
---
Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003