Re: [Exim] Re: the Klez virus

Author: Tom Kistner
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] Re: the Klez virus
On Fri, May 10, 2002 at 11:36:45AM +0100, Matthew Byng-Maddick (exim@???) wrote:

> > I see what your point is, but it only proves that you can break things
> > ON PURPOSE. Big deal. There will never be a real-world file like that, and
> > even if there was, no one would like to receive it anyway.
>
> Well, indeed. That wasn't the point. The point is that I can crash your
> mailserver with something like that.


Yes, maybe you can. I said I agree on that. You even quoted me:

> > I agree that there may be the possibility of DoS with such files, but that
> > will depend on the scanner used, not on exiscan. Most
> > scanners (like uvscan) have no problems with such ill-formatted files.
>
> It's not "ill-formatted". That's kind of the point. And anyway, you were
> kind of missing the entire point of my post.


Nope. I even said that I understand your point, however I
do not necessarily agree with your conclusion.

> > For me, SMTP dialogue time AV scanning works perfectly, and it does
> > so for a lot of other people.
>
> Well, I hope that you understand the risk you're taking, and I hope you
> never have either (a) a heavily loaded mail server, (b) a heavily loaded
> link to the internet or (c) a link that's having packet dropping problems,
> because if you get any of these, then you are highly likely to get
> duplicate mail.


(b) and (c) are non-issues. Connection speed is not the problem. CPU and
I/O speed is, however.

(a) is legit, but when I get load problems AND want to do AV scanning,
I just throw more hardware at it.

> I keep being scared at the general lack of understanding of SMTP by
> supposed mail admins on this list.


I understand both SMTP and your concerns, but in my environment, my AV
scanning approach has been working perfectly on several servers for 1 1/2
years, so why should I care?

Just because someone has a syntactically correct, but completely useless ZIP
file? Come on.


regards,

/tom




--
Tom Kistner <tom@???>
ICQ 1501527 dcanthrax@efnet
http://duncanthrax.net