--On Friday, September 12, 2003 09:18:02 +0100 Nigel Metheringham
<Nigel.Metheringham@???> wrote:
> On Thu, 2003-09-11 at 19:55, Pat Lashley wrote:
>> Ok, I'll bite. What's an EICAR test string? Where would it come
>> from and what would it be used for?
>
> Basically a small DOS COM file which is recognised by the vast majority
> of virus scanners as a virus (it isn't). It has the dubious distinction
> of being representable in 7 bit ASCII (so can go in unencoded mail), and
> in this case caused a 1001 mail scanners to send me bounces for mail
> including it. Its used for testing virus scanning systems.
>
> See
> http://www.eicar.org/anti_virus_test_file.htm
Ah, right, I remember it now. The old brain cells sometimes get a
bit sluggish and can't dredge up the right context to interpret some
of these references. How's the saying go? "I haven't lost my mind,
it's backed up on tape somewhere."
Interestingly enough I finished upgrading our installation and adding
exiscan-acl, clamav, and SpamAssassin just in time to log the message
that probably triggered the bounce storm that caused your justifiable
rant. Of course since I'm using exiscan-acl, the message was just
refused, not bounced. (I agree that there's a very special place in
hell for people who send the virus back in the bounce message, or who
trust the headers to tell them who to send it back to. Right next
door to people who use vacation programs that aren't smart enough to
avoid sending vacation messages back to a mailing list.)
However, that said, is there any particular reason why messages coming
into the mailing list address aren't checked for viri before being sent
back out? (Outgoing messages from the list shouldn't need to be scanned
since they have, theoretically at least, already been scanned once on
the way in. So the scanning overhead is based on the number of unique
messages sent to the list, not to the size of the list membership.)
Thanks for the additional context.
-Pat
