Bugtraq mailing list archives
Re: RFC: virus handling
From: Daniele Orlandi <daniele () orlandi com>
Date: Wed, 28 Jan 2004 20:08:20 +0100
Thomas Zehetbauer wrote:
1.1.) Configuration Unless the virus scanner provides special handling for worms and virii which knowingly use a faked sender address
I think that virus scanners SHOULD provide some sort of information on the reliability of headers and SMTP envelope of the virus e-mail and act accordingly. I use amavisd-new which has support for listing viruses/worms that fake the sender's email address. Unfortunatelly the list is external to the actual virus scanner and has to be updated manually. This is a major problem, since the administrators are often (an with good reason) not responsive enought with the rapid floods like the one we saw recently.
it should not send out notification messages unless the administrator has been warned that these notification messages may not reach the intended recipient and has still enabled this feature.
I would say that a virus scanner SHOULD NOT send notifications unless it has informations on the reliability of the sender's e-mail address.
1.2.) Format These messages cannot be easily filtered because they come in many different formats and do often not contain any useful information at all.
They could be formatted with a message/delivery-status part but the problem wouldn't exist at all if all the notifications are sent to the real infected recipient. Bye. -- Daniele Orlandi
Current thread:
- Re: RFC: virus handling, (continued)
- Re: RFC: virus handling Piotr KUCHARSKI (Feb 02)
- Re: RFC: virus handling Patrick Proniewski (Feb 02)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling Ben Wheeler (Feb 04)
- Re: RFC: virus handling Shawn McMahon (Feb 07)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling Craig Morrison (Feb 02)
- Re: RFC: virus handling James C. Slora Jr. (Feb 03)
- Re: RFC: virus handling John Fitzgibbon (Feb 02)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Volker Kuhlmann (Feb 04)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Daniele Orlandi (Feb 02)
- Re: RFC: virus handling Pavel Kankovsky (Feb 02)
- Re: RFC: virus handling Dave Aronson (Feb 02)
- RE: RFC: virus handling David Brodbeck (Feb 03)
- Re: RFC: virus handling Casper Dik (Feb 04)