Full Disclosure mailing list archives

AW: Re: Filtering sobig with postfix

From: vogt () hansenet com
Date: Wed, 20 Aug 2003 15:27:18 +0200

/see attached file for details/     REJECT


this incurs a factor 2-4 performance drop, and it could also elicit
false positives. you should definitely do more than just REJECT
(i.e. write out a message: s/REJECT/554 Suspected virus/).


Agree, a message would be good.

also, this is more the job of a content filter than of an MTA.


True. But this solution offers two advantages:

a) it's a quick hack, it works (apparently), and it was easy to
   do it on a tuesday morning without installing all kinds of
   additional filters.

b) I never have to store the crap on my own system. Let the windos
   users choke on it, even at 1/GB my harddisk space is too
   expensive to store their virus spam.


Tom

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

AW: Re: Filtering sobig with postfix vogt (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- Re: Re: Filtering sobig with postfix gregh (Aug 20)
- <Possible follow-ups>
- AW: Re: Filtering sobig with postfix vogt (Aug 20)
  - Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
  - Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- AW: Re: Filtering sobig with postfix vogt (Aug 21)
  - RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
    - Re: Re: Filtering sobig with postfix Irwan Hadi (Aug 21)
    - RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
  - Re: Re: Filtering sobig with postfix Robert Banniza (Aug 23)

(Thread continues...)