[Mimedefang] action_bounce - forget it!

Kevin A. McGrail kmcgrail at pccc.com
Thu Jan 29 09:36:10 EST 2004


> > line ~220) looks like this - see below. No bouncing, no quarantines,
just
> > action_discard. For ALL the viruses/worms. That's it!
>
> Well, in most countries this is however illegal.

I think common sense and a lack of case law on this would prevail and would
urge all ISP and administrators to black hole virus notifications.  The
notifications are as bad or worse in many cases.  I've never had a user
complain and I cannot see a judge ever enforcing these rules.  In fact, can
anyone point to a single case ever brought against any ISP in any country
over blocking virii?  Can anyone find me an expert computer witness who will
testify that virus scanners aren't needed besides DFS and his all-linux shop
;-) ?

These laws will end up seeming arcane and left on the books untested in 200
years is my prediction or they'll be enforced only for SPAM.  SPAM is in the
eye of the beholder and there is a lot of money behind it.  I can see some
countersuits from SPAMMERS getting through in some countries.  And that's
why we recommend ONLY tagging spam and never quarantining or redirecting or
bouncing SPAM.

Furthermore, negligently allowing boxes to be infected is an area I believe
someone could sue over.  I have battled successfully to have infected
machines removed from the internet (during codered) because they were on the
same LAN segment at the Colo and they were taking down the boxes with a
"direct" connection without even having to go through an MCI router.    If a
denial of service worm is installed on your companies equipment, are you
liable even as an accessory for not disconnecting the machines from the
internet if they are used in a DoS attack?

Regards,
KAM





More information about the MIMEDefang mailing list