[Mimedefang] Mime Part Removal and then entire quarantine.
WBrown at e1b.org
WBrown at e1b.org
Wed Mar 30 11:42:48 EST 2005
mimedefang-bounces at lists.roaringpenguin.com wrote on 03/30/2005 11:14:46
AM:
> I wish i had that as an option, but since it could be a word
> document etc(that may be needed), it's not a choice.
Do you know of any virii that send a valid word document in addition to
the malicious program? If the infection is in the document(macro virus),
then what you propose dwould strip it and store only the rest of the
email, possibly some text. Are you willing to release the infected
document to the end user from the quarantine? I sure as heck wouldn't!
If you reject a virus infected document that was legitimately sent by a
real person through a real mail server, then it will get bounced back to
them. At least they'll get it back assuming that their mail server doesn't
puke on the delivery failure due to virus scanning on the path back to the
user. But it that's the case, it probably should have caught it on the
way out! The responsibility is on the sender to get their act together and
clean up their machine rather than spew infections at everyone else.
In over a year of running CanIt Pro rejecting unsafe extensions
(executables) and virii, I've only had two calls about it. One person
thought they were sending a M$ Word document, but the extension was
actually .URL. The second was something similar - "System operating as
designed." We're up to filtering for 38 domains and around 28,000
mailboxes and about 1.9 million message/month. I'd consider that a low
incidence of problems for rejecting unsafe email, and no complaints for
rejecting infected email.
More information about the MIMEDefang
mailing list