On Thu, Feb 06, 2003 at 04:39:30PM -0500, Daniel Senie wrote:
> At 11:00 AM 2/6/2003, John Rudd wrote:
> >> From: Daniel Senie <[EMAIL PROTECTED]>
> >>
> >> Products which wish to filter spam or viruses
> >> REALLY should be built to "plug in" to mail clients via APIs.
> >
> >I disagree.  The proper place to do spam and virus scanning is on the
> >server.  Sure, if you want users to feel some form of warm fuzzy, they
> >should have the option to run it on the client (and once there, your
> >method might be right).  But the best place to put it is on the server.
> >For one, it means that the client hasn't wasted bandwidth downloading
> >what may be huge amounts of bad data.
> 
> Certainly scanning for viruses on the server is a good idea. We do it 
> ourselves. However, it is unacceptable for an ISP to tell customers not to 
> run AV products because the server they use for their email runs a scan. 
> The issues are:
> 
> 1. Liability: We tell our clients that while we scan for and delete virus 
> laden email, we do not guarantee that it will be 100% effective. We 
> recommend they run their own antivirus as well.
> 
> 2. Diversity: We've often seen the server-based product we use lag the 
> desktop products (different brands) in having updated virus definitions.
> 
There are 3 issues here:

1- Unwanted access to your SMTP Mail server
2- Virus Checking
3- Spam checking

I "solve" 1 by restricting access to port 25 to trusted IP addresses
using my firewall, and a further check in my MTA (Postfix).
I "solve" 2 by running antivir on the mail server. This quarantines mail
containing viruses, sends a message to the intended recipient to say it
has done so and a message to the sender.
The solution of 3 is much more difficult for a Mail Server. Spam
checkers do create false-positives, and one man's Spam may not be
another's. Before the mail is qpopped it is run through spamassassin
with a certain set of rules, flagging what it believes is Spam. It is
then up to the recipient to filter or not on that flagging and decide
what to do; isolating it in a special potential Spam folder for later
checking is recommended. A whitelist is also maintained by the
spamassassin rules (people sending legit mail to mailing lists often get
flagged too high on Spam checks because they often "shout" a lot and have
suspicious mail From addresses etc. RBL checks are also in place.)

This all works reasonably well, although how scalable it is I have no
idea, since I am not running a corporate network! The slowest point in
the chain is the Spam checking.

As for the poster's point 2, "Diversity". I use amavis/antivir and have
noticed they email information about new viruses and cures
*consistently* faster than they get picked up by live-updates of
Penicillin and Symantec Windows virus checkers. My mail server contacts
them automatically once a day anyway to download any new
definitions/engine changes.

Interestingly I had to whitelist my ISP! Not because they spam me but
because their "announcement" messages, due to the way they are
structured, triggered many of the Spam check rules to score them high!

-- 
Regards
   Cliff Sarginson 
   The Netherlands

[ This mail has been checked as virus-free ]
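
The recipient-side step described in the message above (file mail on the flag SpamAssassin sets on the server, with a local whitelist override), as an added example that is not part of the original post. The folder names, whitelist entry and sample messages are constructed assumptions; X-Spam-Flag and X-Spam-Status are the headers SpamAssassin adds.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical recipient settings (assumptions, not from the post).
LOCAL_WHITELIST = {"announce@isp.example"}
SPAM_FOLDER, INBOX = "Potential-Spam", "INBOX"

# SpamAssassin 2.x wrote "hits=", 3.x and later write "score=".
# re.S lets the match span a folded (multi-line) header value.
_STATUS_RE = re.compile(
    r"^\s*(Yes|No)\b.*?\b(?:score|hits)=(-?\d+(?:\.\d+)?)", re.I | re.S)

def spam_verdict(msg):
    """Return (flagged, score) from the server-added headers."""
    m = _STATUS_RE.match(msg.get("X-Spam-Status") or "")
    if m:
        return m.group(1).lower() == "yes", float(m.group(2))
    # Fall back to the plain flag header when no status line is present.
    flag = (msg.get("X-Spam-Flag") or "").strip().upper()
    return flag == "YES", None

def choose_folder(raw_message):
    """Pick the delivery folder for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    # The From header is forgeable, so a From-based whitelist can be abused;
    # keep it short and limited to senders that really are mis-scored.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in LOCAL_WHITELIST:
        return INBOX
    flagged, _score = spam_verdict(msg)
    return SPAM_FOLDER if flagged else INBOX

# Constructed sample messages.
SAMPLE_SPAM = ("From: Loud Seller <offers@bulk.example>\nSubject: BUY NOW\n"
               "X-Spam-Flag: YES\nX-Spam-Status: Yes, score=7.2 required=5.0\n"
               "\ttests=SUBJ_ALL_CAPS\n\nbody\n")
SAMPLE_ISP = ("From: ISP News <announce@isp.example>\nSubject: MAINTENANCE\n"
              "X-Spam-Flag: YES\nX-Spam-Status: Yes, hits=6.1 required=5.0\n\nbody\n")
SAMPLE_HAM = ("From: Friend <friend@home.example>\nSubject: lunch\n"
              "X-Spam-Status: No, hits=-1.5 required=5.0\n\nbody\n")

if __name__ == "__main__":
    for name in ("SAMPLE_SPAM", "SAMPLE_ISP", "SAMPLE_HAM"):
        print(name, "->", choose_folder(globals()[name]))
```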
