Virus scanning (was Re: [Exim] Exchange, HELO and underscore…

Top Page
Delete this message
Reply to this message
Author: Walt Reed
Date:  
To: exim-users
Old-Topics: RE: [Exim] Exchange, HELO and underscores
Subject: Virus scanning (was Re: [Exim] Exchange, HELO and underscores)
cdaehnn Fri, Jun 27, 2003 at 06:24:38AM -0500, Cory Daehn said:
> If enough of their mail bounces, they'll fix it. Of course, I'm also one
> of those that says it's not the server's responsibility to scan mail for
> viruses, it's the client's responsibility, and anyone who doesn't use
> common sense and run a GOOD virus protection program and keep it up to
> date deserves what they get.


Getting a little off topic, but I have a fundimental problem with virus
scanning as the only line of defense. The basic problem with virus
scanners is that they rely on that update data. There is a deadly lag
time between the time that a virus starts to propogate, the time it
takes a AV vendor to identify and create a rule, and the time it takes
to deploy the rule to the AV client software.

I look at virus / worm defense like any other security issue. Relying on
AV software alone is like relying on a firewall alone and not having any
other internal security. For this reason, I run John Hardin's procmail
security scanner that deals with malicious [java|vb]script, web-bug
images, defanging certain executable code, etc. Is it perfect? No, but
it helps. It's just another layer of security.

Not everyone can use this though as certain localities with pinhead
lawmakers forbid messing with any email content.