[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
Matthew.van.Eerde at hbinc.com
Thu Jun 30 13:26:32 EDT 2005
Chris Gauch wrote:
> No matter how you slice it, you are adding "risk" by perpetuating the
> existence of a virus when you reject at the SMTP level.
I see your point...
I do have two more things to say though.
1. I do plenty of rejections before DATA time. For example, I reject invalid addresses at RCPT time, before I have a chance to scan for viruses. Isn't this also bad under your standards? It also results in viruses-wrapped-in-NDRs being delivered to innocent bystanders. Are you suggesting I should defer all rejections until after I've scanned the data?
2. Imagine a USPS mail counter. Someone walks up to the counter with a 5lb package that has wires sticking out of it, smells of gasoline, and is ticking. The package has plenty of postage and the return address is the White House. (This USPS mail counter is not in the same ZIP code as the White House.)
What is the mail clerk to do?
He could take the package and turn it over to the bomb squad, who will blow it up. (action_discard)
Or he could say "I'm sorry, sir, we can't deliver this package for you."
If he takes the first action, it's entirely possible that the package was Jenna Bush's science project (not likely... just, "possible") and that the USPS clerk will be fired shortly.
If he takes the second action, the customer could walk across the street to Bob's Overnight Delivery Service, who doesn't have such a strict package policy.
As a sub-case of this, Bob might find that the addressee does not exist, and so attempt to return it... to the White House, naturally. (Bob's in for a bit of a shock if he does.)
--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"