Re: [Exim] Bugbear/B filtration

Página Inicial
Delete this message
Reply to this message
Autor: Alan J. Flavell
Data:  
Para: Exim users list
Assunto: Re: [Exim] Bugbear/B filtration
On Thu, 5 Jun 2003, Asbjorn Hoiland Aarrestad wrote:

> Use exiscan and a virus scanner. This will stop more than just common
> viruses.


Just to clarify this point: Having a virus scanner is certainly a
valuable backstop, but if that's the only precaution, then it more or
less guarantees infection, sooner or later, when a virus arrives
before its anti-virus update. It's best to have a policy of blocking
potentially-dangerous formats. And by all means a virus scanner too.

Most recently, we (or rather, exiscan) blocked several instances of
what turned out to be Sobig-C, on the grounds of it being a
potentially dangerous attachment, in the relatively short time until
the update for it arrived from the anti-virus vendor. The two
different kinds of report are evident in the log:

- before:

[...] rejected by exiscan(): This message contains an attachment with
a blacklisted (.pif) extension. [...]

- after:

[...] rejected by exiscan(): This email contains
a virus or other hostile content:\n W32/Sobig-C [...]


The blanket policy against potentially dangerous attachments causes
occasional friction with some users, but overall, in an academic
situation where we can't actually cut users off the network for using
vulnerable client software, it seems to me to be the only viable
approach.