RE: creating DNSBL for blocking email virus, need suggestion

["Mike" <mike_sha () shaw ca>]

Have you tried implementing a e-mail virus gateway?

Mike Fetherston

> -----Original Message-----
> From: Markus [mailto:markus () jogja citra net id]
> Sent: Saturday, November 13, 2004 12:11 AM
> To: security-basics () securityfocus com
> Subject: creating DNSBL for blocking email virus, need suggestion
>
> Hello security-basics,
>
> i'm inspired by virbl.bit.nl, and want to make DNSBL for my school
> network to reduce the server load because of scanning all email with
> virus that coming in.
>
> VIRBL reduce the server load by creating an IP blacklist, if email
> with virus sent from an IP then that IP will be added to the Blacklist
> (BL), so the next email that sent from that IP will be rejected before
> the antivirus scan it...
>
> but i got some question..
>
> how if the computer that infected by virus and send email virus is in
> a network/LAN? the LAN's server public IP will be blocked, and then
> all computer in that network can't send email to my school network.
> can we know local IP 198.x.x.x for that computer?
>
> how long do you think an IP should remain in the blacklist? because
> blacklist can't know if the infected computer already cleaned by its
> user/admin.
>
> i appriciate any suggestion/idea..
>
> thank you
>
> --
> Best regards,
> Markus