Security Basics mailing list archives
creating DNSBL for blocking email virus, need suggestion
From: Markus <markus () jogja citra net id>
Date: Sat, 13 Nov 2004 12:10:33 +0700
Hello security-basics, i'm inspired by virbl.bit.nl, and want to make DNSBL for my school network to reduce the server load because of scanning all email with virus that coming in. VIRBL reduce the server load by creating an IP blacklist, if email with virus sent from an IP then that IP will be added to the Blacklist (BL), so the next email that sent from that IP will be rejected before the antivirus scan it... but i got some question.. how if the computer that infected by virus and send email virus is in a network/LAN? the LAN's server public IP will be blocked, and then all computer in that network can't send email to my school network. can we know local IP 198.x.x.x for that computer? how long do you think an IP should remain in the blacklist? because blacklist can't know if the infected computer already cleaned by its user/admin. i appriciate any suggestion/idea.. thank you -- Best regards, Markus
Current thread:
- creating DNSBL for blocking email virus, need suggestion Markus (Nov 15)
- Re: creating DNSBL for blocking email virus, need suggestion Rob Hughes (Nov 22)
- <Possible follow-ups>
- RE: creating DNSBL for blocking email virus, need suggestion Mike (Nov 16)
- RE: creating DNSBL for blocking email virus, need suggestion Matvei Kliuchnikov (Nov 16)