Of course, server-based virus scanning isn't for people like you and I,
people who scan their e-mails regularly either on their own mail server or
on the client side, or people who automatically distrust attachments.
But you and I and other members of this list are the exception to the rule,
not the norm. As for using just the envelope addresses, I disagree
slightly. If mail leaving my server is bound for a number of recipients,
all of whom are listed on ONE "TO" or "CC" header, I'm going to alert all of
them that they may have received a virus. I will not, however, send a
message from my server to a LIST, should one of my users send a virus to the
LIST.
The more I think about it, though, the more I ask myself...
Does the receipient REALLY need to know that someone tried to send them an
infected file? If the sender gets a bounce message from MAILER-DAEMON that
says, "I wasn't able to deliver your message; It was infected with the [blah
blah] virus", wouldn't that be enough? What's the reasoning for informing
the intended recipient that he was going to receive a virus, but didn't?
Dustin
-----Original Message-----
From: Bruno Wolff III [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 13, 1999 4:09 PM
To: Dustin Miller
Cc: Russell Nelson; [EMAIL PROTECTED]
Subject: Re: Oops, someone tried to send you a virus
On Mon, Dec 13, 1999 at 03:58:50PM -0600,
Dustin Miller <[EMAIL PROTECTED]> wrote:
> The script I'm currenly working on (similar to another lister's system)
> attempts to filter out list and group-type e-mail addresses. In the virus
> alert the list received, the virus scanning program un a user's mail
system
> mistakenly assumed that the alert should've been sent to all intended
> recipients of the message, in an attempt to notify all the possible
> recipients that they had received a virus.
Don't do this. Just use the envelope addresses. If the other people are
worried about viruses, they will be running their own scanning software.
They don't need your extra warning.
>
> The best solution, of course, is to run the virus program on the list
> server's mail server, thereby preventing a mass infection of those who
don't
> run virus software.
I disagree. This is a lot of overhead on the list server for little benefit.
People who don't know how to safely handle their email can run virus
scanners on their systems. The list server shouldn't have to waste cycles
doing this.
> Yes, I know, everyone should run virus software, but let's be honest: Not
> many do.
No, everyone shouldn't. People who don't know how to safely read email
should,
if they don't want to get burnt. Many people don't need to worry about
the problem because we don't use Microsoft products to read email and don't
run attached programs that are sent to us by email.
