[Mimedefang] X-Scanned-By Header

Rich West Rich.West at wesmo.com
Thu Aug 29 22:16:01 EDT 2002


>True.  But look at it this way:
>
>1) If you run MIMEDefang as "defang" and not root, the consequences of
>a buffer overrun are not catastrophic.
>

True, but a DoS is possible..

>2) Spammers already send spam cheaply all over the place.  If a hole
>is discovered in MD, I (if I were a black hat) would simply spam
>anyone and everyone with the exploit, and collect 0wned machines...
>

True, too.  I would guess that any form of "attack" would be more of a 
'rootkit' type of toolkit where multiple methods of entry are attempted 
rather than focusing on specifically MD-based mailhosts.

>However, if enough people express interest, I'll make a command-line
>switch to turn off this header.
>

Thanks!
-Rich

>3) To see the header, the black hat would have had to receive e-mail
>which passed through your machine.  You can't simply probe machines
>at random for the presence of MIMEDefang. [1]
>  
>
>[1] Although there are some tricks you might be able to do to force mail
>to be relayed through an MD machine, like sending mail to someone you
>know has an out-of-office auto-reply, or sending mail to a nonexistent
>address where you know the network uses an MD filter in front of the
>real mail server.
>  
>

Agreed.. of course, assuming that someone were trying to hunt down MD 
servers, a simple bounced email should generate that header on the 
mailhosts with MD...

Anyhow, thanks for the quick response.  Geez.. and you have little ones 
running around, too.  You must never sleep. :)

-Rich




