[ On Monday, February 17, 2003 at 07:27:46 (+0530), Suresh Ramasubramanian wrote: ]
> Subject: Re: [Exim] bouncing viruses
>
> And just how are you supposed to reject before DATA for virus infected
> mail? Is there support for "crystal ball" libraries in exim or something?
In some cases, yes. Don't accept any connections from clients listed as
"dial-up" or "dyanmic" in the various public DNS blacklists. That'll
stop a sizable number of viruses and worms.
> Normally yes, if there's one particular envelope sender / other pattern in
> MAIL FROM:, we can REJECT that straightaway without all this headache
> coming in. However, this thread seems to assume that the mail is accepted
> and passed to a virus scanner of some sort.
If you've acceptd a message containing a virus or worm then the best
possible thing you can do is disable it (or delete it from the body) and
then continue to deliver the message to the intended destination. You
should not try to bounce it, as has already been clearly stated.
Personally though I'd recommend just getting rid of all software that's
known to be vulnerable to such junk and then you can just deliver all
the e-mail without even having to scan it first. Friends don't allow
their good friends to run M$ software. There are lots of better
alternatives. Keeping your users well aware of all security issues is
also a really good idea (which reporting infected messages helps to do,
but is far from being the only thing you should be doing to inform
them).
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@???>; <woods@???>
Planix, Inc. <woods@???>; VE3TCP; Secrets of the Weird <woods@???>
