nanog mailing list archives
Re: Clueless anti-virus products/vendors (was Re: Sober)
From: Simon Waters <simonw () zynet net>
Date: Fri, 9 Dec 2005 09:25:58 +0000
On Thursday 08 Dec 2005 18:08, Douglas Otis wrote:

> When accepting messages from anonymous sources, seldom does one know the source.

On the contrary, short of the tricks played on AOL to defeat their original antispam system, TCP means you always know the source.

We manage to filter out ~98% of the unwanted email here with very nearly 100% accuracy at the SMTP transaction stage with low processor overhead on our new email servers. At which point any backscatter from what gets through is trivial, although alas there still is a little due to evil practices of the past in then forwarding email elsewhere.

But the point of this discussion is that SMTP will have to evolve to be a point to point system (or functional equivalent). The days of store and forward in intermediate MTAs should die as quickly as possible (which as our forwarding demonstrates may be quite slowly alas).

The problem is that many of the antivirus gateways behave like new intermediate MTAs, especially when for many of the organisations involved it could easily be done during SMTP transactions.

The remaining issue is how much resource it costs to do your spam/malware detection, but I believe trying to do anything beyond policy enforcement ("no EXE/PIF/SCR here please") in terms of malware detection in the MTA is a mistake, especially when you only really need to protect the thick(!) clients, and they still need to be protected when the content is zipped/encrypted/novel/zipped+encrypted+novel etc.

This thread on the other hand should move to Spam-L.
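The kind of policy check the message names ("no EXE/PIF/SCR here please"), applied at the end of DATA so that a violation becomes a 5xx reply inside the SMTP transaction instead of a later bounce. This is an added example, not code from the post or its author; the function names, reply texts and sample messages are constructed for illustration.

```python
import email
import email.policy
from email.message import EmailMessage

# Extensions named in the post; a real site policy would have its own list.
BLOCKED_EXTENSIONS = {"exe", "pif", "scr"}


def blocked_attachment(raw_message: bytes):
    """Return the first attachment filename that violates policy, or None."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    for part in msg.walk():  # walk() also descends into nested multiparts
        filename = part.get_filename()
        if not filename:
            continue
        # Judge the final extension only, so "invoice.pdf.scr" is caught,
        # and drop trailing dots/spaces that do not change the file type.
        cleaned = filename.strip().rstrip(". ").lower()
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            return filename
    return None


def end_of_data_reply(raw_message: bytes):
    """SMTP reply to give after the final '.' of DATA."""
    if blocked_attachment(raw_message) is not None:
        # Refusing here leaves the connecting host responsible for the
        # message, so this server never has to generate a bounce.
        return (550, "5.7.1 Attachment type not accepted here")
    return (250, "2.0.0 Message accepted")


def sample_message(filename: str) -> bytes:
    """Constructed sample: one plain-text body plus one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "rcpt@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"not a real program", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A name-based policy like this passes `archive.zip` untouched, which is the limit the message points out: zipped or encrypted content still has to be handled on the client.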