On Sun, Feb 09, 2003 at 03:48:40PM -0800, John Rudd wrote: > > On Sunday, Feb 9, 2003, at 03:28 US/Pacific, Cliff Sarginson wrote: > >1- Unwanted access to your SMTP Mail server > >2- Virus Checking > >3- Spam checking > > > >I "solve" 2 by running antivir on the mail server. This quarantines > >mail > >containing viruses, sends a message to the intended recipient to say it > >has done so and a message to the sender, > > Sending messages back to the sender isn't necessarily a good idea. > Mailscanner, which can handle both #2 and #3 via various virus scanning > engines, RBL checks, and/or Spam Assassin, has a list of viruses which > it silently deletes (no message to the intended recipient nor the > claimed sender) because there's just no point. Many of the Klez > family, and a few others, forge the sender address and contain no > useful content (as opposed to viruses which attach themselves to some > useful data). So, several of the Klez variants are in Mailscanner's > list to "silently delete". > > If you're not doing anything sophisticated on the virus checking side, > then I wouldn't bounce any messages back to the sender. Just filter > out the bad attachment and inform the recipient. Then they can make an > informed decision about whether or not to inform the claimed sender. > Otherwise, I'd use an engine which knows (or can be told) which viruses > it should just delete without further processing.
Ok, that is a good argument, as opposed to one of the others my mail resulted in. I will give that some careful thought. I do believe however that the problem is although viruses obviously originate from malevolent sources they are often passed on by innocent parties or by people with open-relays etc. In that case, while discarding it silently it seems kind of important to do whatever little you can to stop it spreading. I mean I think it is socially irresponsible to not run virus checkers on incoming and outgoing mail, particularly on Windows machines .. but some people do not, and they ought to be aware of the consequences. What I have discovered now amongst a lot of my friends who use Windows is that they have had it drilled into them not to open attachments in email messages. Well that is a protection against certain kind of viruses that are carried that way, but it is like not going outside your front door in case someone hits you over the head with a mallet. If a policeman is standing there you probably will not be. So a virus-checker is like the policeman. Ah well..this is a many sided argument..but I see the point you are making. I may turn the auto-reply feature off, but keep the infected mail in quarantine to see if anything useful can be gleaned... -- Regards Cliff Sarginson The Netherlands [ This mail has been checked as virus-free ]
