[Mimedefang] Mime Part Removal and then entire quarantine.

WBrown at e1b.org WBrown at e1b.org
Wed Mar 30 11:42:48 EST 2005


mimedefang-bounces at lists.roaringpenguin.com wrote on 03/30/2005 11:14:46 
AM:

> I wish i had that as an option, but since it could be a word 
> document etc(that may be needed), it's not a choice.

Do you know of any virii that send a valid word document in addition to 
the malicious program?  If the infection is in the document(macro virus), 
then what you propose dwould strip it and store only the rest of the 
email, possibly some text.  Are you willing to release the infected 
document to the end user from the quarantine?  I sure as heck wouldn't! 

If you reject a virus infected document that was legitimately sent by a 
real person through a real mail server, then it will get bounced back to 
them. At least they'll get it back assuming that their mail server doesn't 
puke on the delivery failure due to virus scanning on the path back to the 
user.  But it that's the case, it probably should have caught it on the 
way out! The responsibility is on the sender to get their act together and 
clean up their machine rather than spew infections at everyone else.

In over a year of running CanIt Pro rejecting unsafe extensions 
(executables) and virii, I've only had two calls about it.  One person 
thought they were sending a M$ Word document, but the extension was 
actually .URL.  The second was something similar - "System operating as 
designed."  We're up to filtering for 38 domains and around 28,000 
mailboxes and about 1.9 million message/month. I'd consider that a low 
incidence of problems for rejecting unsafe email, and no complaints for 
rejecting infected email.



More information about the MIMEDefang mailing list