Full Disclosure mailing list archives
AW: Re: Filtering sobig with postfix
From: vogt () hansenet com
Date: Wed, 20 Aug 2003 15:27:18 +0200
/see attached file for details/ REJECTthis incurs a factor 2-4 performance drop, and it could also elicit false positives. you should definitely do more than just REJECT (i.e. write out a message: s/REJECT/554 Suspected virus/).
Agree, a message would be good.
also, this is more the job of a content filter than of an MTA.
True. But this solution offers two advantages: a) it's a quick hack, it works (apparently), and it was easy to do it on a tuesday morning without installing all kinds of additional filters. b) I never have to store the crap on my own system. Let the windos users choke on it, even at 1/GB my harddisk space is too expensive to store their virus spam. Tom _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: Re: Filtering sobig with postfix vogt (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- Re: Re: Filtering sobig with postfix gregh (Aug 20)
- <Possible follow-ups>
- AW: Re: Filtering sobig with postfix vogt (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- Re: Re: Filtering sobig with postfix martin f krafft (Aug 20)
- AW: Re: Filtering sobig with postfix vogt (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- Re: Re: Filtering sobig with postfix Irwan Hadi (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- RE: Re: Filtering sobig with postfix Bojan Zdrnja (Aug 21)
- Re: Re: Filtering sobig with postfix Robert Banniza (Aug 23)