[Mimedefang] Re: [J-CHKMAIL] New worm : from james at xxxxx with photos.zipattachment
Lucas Albers
admin at cs.montana.edu
Sat Nov 1 14:13:12 EST 2003
> Stephane Lentz wrote:
>> Anybody noticed a new worm today ?
I started off without blocking much on my mail server.
(Good policy, start off small and work your way towards more restrictions.)
After getting hammerred by numerous viri, I have finally reached the point
where I block all harmful attachments, scan with multiple virus
attachments,
and strip out html.
I used to notify the recipient that a message was stripped but this sent
so many notifications, (just considering my own account) that I now just
quarantine and reject.
I had a few complaints about rejected attachments, and I updated the
attachment reject message, telling people to zip the file and resend.
senders figured it out without my intervention...
My reasons are thus:
Scanning with one virus scanner does not catch all virus's.
New virus's have a window of opportunity before they are detected by the
virus scanner engine.
Numerous exploits come via html, and spammers use image tags in html to
detect if recipients read their email.
Stripping html has dropped my spam volume.
I have not had a single complaint from my users with my policy of
stripping html, or replacing html with text version if text version
exists.
As dave mentions in a previous email, "a major customer only blocks
attachments and does not run a virus scanner, and they have not had a
single virus slip by."
--luke
http://www.cs.montana.edu/support/spam/
More information about the MIMEDefang
mailing list