Re: [Exim] W32.Swen@MM

Top Page
Delete this message
Reply to this message
Author: Robert Kehl
Date:  
To: Alan J. Flavell, exim-users
Subject: Re: [Exim] W32.Swen@MM
----- Original Message -----
From: "Alan J. Flavell" <a.flavell@???>
To: "Exim users list" <exim-users@???>
Sent: Saturday, September 20, 2003 1:54 AM
Subject: Re: [Exim] W32.Swen@MM


> On Sat, 20 Sep 2003, Robert Kehl wrote in TOFU style:
>
> > None, sorry. The usual .exe, isn't it? Blocked anyway.
>
> Problem this time around seems to be that the dangerous stuff is quite
> some way into the mail. Those who set their mail scan limit to 5k or
> whatever for efficiency reasons are missing it. (As it happens, we
> already set ours to 50k, but eventually I suppose we'll have to scan
> the entire mail, even if it _is_ a couple of terabytes and takes
> days to scan...)


Ah, I see. But, Alan, you don't have to feed terabytes if you don't
allow them to be received. Set your mail scan limit as high as an email
may be which arrives at your system(s). Ie. If you'd only allow 10 MB
mails, or say: 50Mb you'd never scan more than that. I believe, 50 MB
should be enough, but it clearly depends on your situation.

I personally believe there shouldn't be limitations to the securing
system due to performance reasons. email is the most important way to
communication today, at least ;) to me and most people around me.
Securing this way should IMHO belong to cat. "how much" instead of cat.
"why" when it comes to financial aspects. Performance never being more
than a financial question, of course.

With kind regards,

Robert Kehl