Re: [Exim] Bugbear/B filtration

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] Bugbear/B filtration
On Fri, 6 Jun 2003, Dan Egli quotes me saying:

> |>Just to clarify this point: Having a virus scanner is certainly a
> |>valuable backstop, but if that's the only precaution, then it more or
> |>less guarantees infection, sooner or later, when a virus arrives
> |>before its anti-virus update. It's best to have a policy of blocking
> |>potentially-dangerous formats. And by all means a virus scanner too.
> |>
> |>Most recently, we (or rather, exiscan) blocked several instances of
> |>what turned out to be Sobig-C, on the grounds of it being a
> |>potentially dangerous attachment, in the relatively short time until
> |>the update for it arrived from the anti-virus vendor. The two
> |>different kinds of report are evident in the log:
>
> I have to disagree here,


With the greatest of respect, you are in no position to disagree with
the second paragraph which you quoted. It is a plain statement of
fact about incidents which happened here, and of which you have no
more knowledge than what I have already given you.

As for the first paragraph, I do stand by what I wrote, though I'm
well aware that such a policy is inconvenient for some. But naive
users getting themselves infested with viruses is also inconvenient,
and in my situation (as deputy postmaster for a department full of
academics who, in terms of computer usage, is as easy to control as
the average herd of cats), I think we're right to err on the side of
caution.

[...]

> Mcafee identified it as "an unknown virus or trojan".


Fine, but are you going to rely on that alone to protect your naive
users?

> I have always HATED sites that block EXEs and other files simply because
> they COULD contain a virus.


My hatred goes out to the client software which makes it so easy for
users to fall foul of such infestations. But we can't stop them doing
it, so we see our only recourse as blocking the potential risks.

> Yesterday I had a software vendor ask me to
> send him some files that were making a program he wrote crash when it
> loaded up. He asked for them in a ZIP file.


So you should have sent them as a ZIP file. This is also our policy.

> So, I sent a self-extracting ZIP, and it was promptly rejected.


Indeed, as would we. I'm disappointed that you don't see the logic
of this for yourself. You've every right to discuss the general
policy, but, given that they had such a policy, if you intend to send
them something then you better fall into line with that policy. They
ask for zip format, you send zip format - not exe format.

best regards
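
Added example (not part of the original message, and not exiscan's own logic): a minimal format-based attachment policy of the kind discussed in this thread, which accepts a plain ZIP but rejects a self-extracting ZIP because it is an executable, whatever it is named. The extension list, function names and sample messages are constructed assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed site policy list; the thread names only EXE explicitly.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}

def classify_attachment(filename, payload):
    """Decide on format alone, so no anti-virus signature is needed."""
    ext = os.path.splitext(filename or "")[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return "reject", "blocked extension " + ext
    # A self-extracting archive is a DOS/Windows executable: it starts
    # with 'MZ', while a plain ZIP starts with 'PK'. Checking the content
    # catches an executable that was simply renamed to .zip.
    if payload[:2] == b"MZ":
        return "reject", "executable header"
    return "accept", "no blocked format"

def check_message(raw):
    """Return [(filename, verdict, reason)] for every attachment in raw."""
    results = []
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename()
        if filename is None:
            continue  # body text or multipart container, not an attachment
        payload = part.get_payload(decode=True) or b""
        results.append((filename,) + classify_attachment(filename, payload))
    return results

def make_zip():
    """Constructed sample: a real ZIP archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("data.txt", "constructed sample data")
    return buf.getvalue()

def build_sample(filename, data):
    """Constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "vendor@example.org"
    msg["Subject"] = "files that crash the program"
    msg.set_content("Files attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```
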