Re: [Exim] My Exim virus filter

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Matthew Byng-Maddick
Data:  
CC: exim-users
Asunto: Re: [Exim] My Exim virus filter
On Wed, Mar 06, 2002 at 05:29:40PM +0000, Ken Bailey wrote:
> Greg Ward wrote:
> > http://starship.python.net/~gward/exim/
> I query the wisdom of using "return message".


Return message is the sensible thing to be using.

> In the event that a trojan forges the sender address (eg using valid
> address book entries), surely you risk sending a live virus 'back' to
> an innocent member of the infected sender's address book?


Wouldn't a fair bit of the virus code be outside the limit for the text of
the bounce which exim will generate. Also, note that in the case of the
MIME encoding, the return message will not have the relevant headers for
auto-decoding to work.

> Maybe it would be better to just return the original headers so that
> the "sender" can verify if the source was really them. You can then
> produce your stored message as evidence on request.


Personally I like to have a bit of context, especially if it's rejecting
based on message body content.

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/