Full Disclosure mailing list archives

Re: antivirus s/w


From: Damian Gerow <damian () sentex net>
Date: Tue, 27 Jan 2004 16:03:59 -0500

Thus spake Bryan K. Watson (bwatson () nettracers com) [27/01/04 15:57]:
Especially with virii spoofing the "From" field now. It just ends up with
somebody at random getting the response, which is likely to cause more
confusion.

The problem is not just antivirus software...the SMTP RFC states that mail
servers must be polite as well....so all the sysadmins have to deal with
purging all those double bounces from faked headers and invalid
destinations. 

~postmaster/.procmailrc:

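    # File bounce and postmaster notices into the double-bounce folder
    # (the trailing ':' on the next line makes procmail use a lockfile).
    :0:
    * ^Subject: (Postmaster (notify|warning)|Could not send message for|Returned mail)
    double-bounce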

(Note that this will need to change if you send mail from postmaster@.)

Not terribly difficult.  IMHO, dealing with false virus notifications -- and
servers that 'politely' strip the worm code before it gets to you -- is a
bigger pain.  I actually get more 'disinfected' viruses than viruses
themselves.  Until we see a virus that attaches itself to valid messages
(which I bet will be Real Soon Now), there's no need to just disinfect an
e-mail.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
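
A dry run of the recipe's condition, as an added example that is not part of the original post: Python's `re` stands in for procmail's matcher, emulating a case-insensitive, header-only search with folded header lines joined. The function names, addresses and sample messages are constructed for illustration.

```python
import re

# Condition copied from the recipe in the post. procmail matches
# case-insensitively unless the D flag is given, hence IGNORECASE.
CONDITION = re.compile(
    r"^Subject: (Postmaster (notify|warning)|Could not send message for|Returned mail)",
    re.IGNORECASE | re.MULTILINE,
)

def headers_of(raw):
    """Header block only (procmail's default scope), folded lines joined."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    return re.sub(r"\n[ \t]+", " ", head)

def destination(raw):
    """Folder this emulation files the message into."""
    return "double-bounce" if CONDITION.search(headers_of(raw)) else "inbox"

# Constructed messages; addresses and wording are placeholders.
SAMPLES = {
    "double_bounce": "From: MAILER-DAEMON@mx.example.net\n"
                     "Subject: Postmaster notify: see transcript for details\n\nbody\n",
    "folded_subject": "Subject: Returned\n mail: User unknown\n\nbody\n",
    "lowercase_subject": "subject: could not send message for past 4 hours\n\nbody\n",
    # Bounce of a message postmaster really sent: same Subject, so it is
    # filed away too. This is the caveat noted under the recipe.
    "bounce_of_own_mail": "To: postmaster@example.org\n"
                          "Subject: Returned mail: Host unknown\n\nbody\n",
    # Antivirus notice with an unrelated Subject is not caught.
    "av_notice": "Subject: Virus found in a message you sent\n\nbody\n",
    # The phrase appears only in the body, which is not searched.
    "body_only": "Subject: question\n\nSubject: Returned mail: test\n",
}

def dry_run(samples=SAMPLES):
    """Map each sample name to the folder it would land in."""
    return {name: destination(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, folder in dry_run().items():
        print(f"{name:20} -> {folder}")
```
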

