Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread mary
[snip Eicar signature] You didn't attach it. If you had, I'm pretty sure Exim (running an ACL plugged into ClamAV) would have caught it before it got to my Inbox. Clam detects Eicar just fine. :> :) I did receive two "your message contains a virus" replies. One was a "Panda GateDefender"

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Steve Sobol
mary wrote: mta test anyone? [snip Eicar signature] You didn't attach it. If you had, I'm pretty sure Exim (running an ACL plugged into ClamAV) would have caught it before it got to my Inbox. Clam detects Eicar just fine. :> What you did was include it inline in a text/plain MIME part in

Re: SMTP store and forward requires DSN for integrity

2005-12-10 Thread Douglas Otis
On Sat, 2005-12-10 at 17:51 -0600, Robert Bonomi wrote: > BATV has the risk of false-positive detection of an 'invalid' DSN. > All it takes is a remote mail system that keeps 'trying' to deliver to > a tempfailing address for _longer_ than the lifetime of that 'private > tag'. > > Congratulation

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread mary
mta test anyone? [EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Re: SMTP store and forward requires DSN for integrity

2005-12-10 Thread Robert Bonomi
> From [EMAIL PROTECTED] Sat Dec 10 16:56:38 2005 > Date: Sat, 10 Dec 2005 17:55:38 -0500 (Eastern Standard Time) > From: Todd Vierling <[EMAIL PROTECTED]> > To: nanog@merit.edu > Subject: Re: SMTP store and forward requires DSN for integrity > > > On Sat, 10 Dec 2005, Douglas Otis wrote: > > > B

Re: SMTP store and forward requires DSN for integrity

2005-12-10 Thread Robert Bonomi
> From [EMAIL PROTECTED] Sat Dec 10 15:55:48 2005 > Subject: Re: SMTP store and forward requires DSN for integrity > From: Douglas Otis <[EMAIL PROTECTED]> > To: Andrew - Supernews <[EMAIL PROTECTED]> > Cc: nanog@merit.edu > Date: Sat, 10 Dec 2005 13:54:37 -0800 > > > On Sat, 2005-12-10 at 17:37

Re: SMTP store and forward requires DSN for integrity

2005-12-10 Thread Todd Vierling
On Sat, 10 Dec 2005, Douglas Otis wrote: > BATV will make forged DSNs a thing of the past, irrespective of where a > recipient list is checked, an AV or SPAM filter is added, etc. Stop plugging a recipient-side cost-shift scheme that you're directly involved with as some sort of panacea. BATV h

Re: SMTP store and forward requires DSN for integrity

2005-12-10 Thread Douglas Otis
On Sat, 2005-12-10 at 17:37 +, Andrew - Supernews wrote: > BATV doesn't help you if the problem is SMTP transaction volume, any > more than a firewall will help you cope with a saturated network link. I agree with most of your statements. AV filters should be done within the session when po

Re: SMTP store and forward requires DSN for integrity

2005-12-10 Thread Andrew - Supernews
> "JP" == JP Velders <[EMAIL PROTECTED]> writes: JP> Right now dumb AV filtering is akin to a Smurf amplifier. Good analogy. I would extend it by pointing out that "dumb AV filtering" is actually only a part of the general backscatter problem. The existence of BATV isn't an excuse for mail

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Todd Vierling
On Sat, 10 Dec 2005, Edward B. Dreger wrote: > Let's use some hyperbole: > > Say that the latest megaworm chucks out spam at speeds resembling SQL > Slammer. The return-path specified is your email address. Millions of > MXes send _you_ bogus DSNs "in good faith". That's not exactly hyperbole.

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Edward B. Dreger
DO> Date: Fri, 9 Dec 2005 15:08:49 -0800 DO> From: Douglas Otis DO> This is a third-party acting in good faith, albeit performing a check better DO> done within the session. In your view, there is less concern about delivery DO> integrity, and so related DSNs should be tossed. Being done within

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Edward B. Dreger
MS> Date: Sat, 10 Dec 2005 22:54:24 +1100 MS> From: Matthew Sullivan MS> RFC 2821 states explicitly that once the receiving server has issued a 250 MS> Ok to the end-of-data command, the receiving server has accepted MS> responsibility for either delivering the message or notifying the sender MS

Re: Clueless anti-virus products/vendors (was Re: Sober)

2005-12-10 Thread Rich Kulawiec
On Wed, Dec 07, 2005 at 02:15:00PM -0800, Douglas Otis wrote: > >When auth fails, one knows *right then* c/o an SMTP reject. No bounce > >is necessary. > > This assumes all messages are rejected within the SMTP session. Yes, exactly and the point several of us have been making is that this is (

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Rich Kulawiec
On Fri, Dec 09, 2005 at 09:03:10AM -0800, Douglas Otis wrote: > There is a solution you can implement now that gets rid of these tens of > thousands of virus and abuse laden DSNs you see every day before the > data phase. BATV is not a solution. It's a band-aid. It fails to address the underlyi

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Jon Lewis
On Sat, 10 Dec 2005, Douglas Otis wrote: With the high prevalence of viruses having a forged return-path, the concern is largely about _false_ detections. These are not actual numbers, but perhaps more realistic than figures suggested previously. Imagine the false positive error rate for an em

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Douglas Otis
On Sat, 2005-12-10 at 15:40 +0100, JP Velders wrote: > *any* anti-virus vendor has not only signatures of a specific virus > but also a good understanding of what the virus does and how it > spreads. If the vendor doesn't, well, they'd better retire from the AV > business, because as a vendor

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Todd Vierling
On Fri, 9 Dec 2005, Douglas Otis wrote: > When there is some percentage of false-positive detection, I'm *loving* your crack-induced comedy. Troll it up, bay-bee! Show me the false positive rate. If you can prove any site with more than 0.1% FP on malware detection with any off the shelf

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Robert Bonomi
> From [EMAIL PROTECTED] Sat Dec 10 06:58:38 2005 > Date: Sat, 10 Dec 2005 12:57:34 + (GMT) > From: "Stephen J. Wilcox" <[EMAIL PROTECTED]> > Subject: Re: SMTP store and forward requires DSN for integrity (was > Re:Clueless > anti-virus ) > > > On Sat, 10 Dec 2005, Matthew Sullivan wrote:

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread JP Velders
> Date: Fri, 9 Dec 2005 15:08:49 -0800 > From: Douglas Otis <[EMAIL PROTECTED]> > Subject: Re: SMTP store and forward requires DSN for integrity > On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote: > > [ ... ] > > I have not requested the virus "warnings" (unsolicited), they are being sent > > via

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Stephen J. Wilcox
On Sat, 10 Dec 2005, Matthew Sullivan wrote: > Please remember people.. > > RFC 2821 states explicitly that once the receiving server has issued a > 250 Ok to the end-of-data command, the receiving server has accepted > responsibility for either delivering the message or notifying the sender

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Matthew Sullivan
Robert, sorry I missed the full conversation, and don't have time to read the whole thread, but based on your mail alone a few words of agreement... Please remember people.. RFC 2821 states explicitly that once the receiving server has issued a 250 Ok to the end-of-data command, the receivi

Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus )

2005-12-10 Thread Brandon Butterworth
This is a pointless argument, please stop. There are those who think they are right in spamming people with reports of a virus they didn't send and the rest of the planet who think they are mad and wish they'd get a clue. > As the recipient of the DSN is _always_ the best > judge whether the DSN

Hurricane Katrina communication failures

2005-12-10 Thread Sean Donelan
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/09/AR2005120902039.html During Katrina, virtually every system failed: Internet communications, radio transmissions, cell phones, even backup gear such as satellite phones handed out by federal relief workers after the storm. Even when