At 3:15 PM -0500 4/29/02, Mate Wierdl wrote: >Lately, I received emails such as > >"I received a lot viruses from the lyx users list, and now my >windows partition is ruined." > >I am truly sorry to hear this, but: > >--- The virus _never_ originates from my server
What follows is my personal opinion; I think I'm qualified on this subject since I have 5 years experience of directly running a 200+ person mailing list, 2 years of helping run a 1500+ member/12-list site, and several years in IT. Technically it did come from your server, because you don't implement any kind of virus protection or attachment blocking; I have emailed viruses with the headers to prove they came through your box. At this point, we need action, not finger pointing and "It's not my problem." It IS your problem. YOUR list is getting used to send viruses to YOUR list members. It is exactly your attitude that makes this whole problem even worse; yeah, it's not our platform, yeah, people should run antivirus software...but you're in denial if you think ignoring it is going to solve anything. It's equivalent to paramedics saying, "well, guns shouldn't be made, bad people shouldn't have guns, and besides, since lots of people DO have guns anyway, others should be wearing bulletproof vests if they want to go around in public. So, don't call us if someone gets shot, it's not our problem...it's the fault of the guy who got shot because he wasn't wearing a vest." You've got three choices, given that Windows users are here to stay and there are plenty of Windows users who don't run antivirus software, who use Outlook(some don't have a choice, so don't get high and mighty on 'em), etc. -dump all attachments before they go to the list management software's alias. "demime" is one good script for doing so, very easy to install. Attachments shouldn't be allowed on large lists anyway; this isn't the development list, so attachments are simply not necessary nor appropriate, particularly in this day and age where webservers are dime a dozen. People should never send attachments, they should reference URLs. 99% of the attachments that drift by have absolutely no use to me...and posting attachments is completely useless to people reading the archives a week, month, year later. URLs, if they link to some place stable, at least have a fighting chance. -run antivirus software. amavis is one package, but it acts only as an interface to a scanner(see amavis.org) Some products, like Trend Interscan, already have mail scanning capabilities. No Linux/unix virus scaning engines are available for free, non-personal use, however. None of the good ones result in false positives(NONE. I've used Trend for 2 years now and NEVER had a false positive.) -give the list to someone who will handle the issue instead of pointing fingers and dismissing the issue. Brett --
