Re: [Exim] Auto bounce under some conditions

Top Page
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: exim-users
Subject: Re: [Exim] Auto bounce under some conditions
rtm said:
>Peter Bowyer said:
>> Be *very* careful you don't start autoreplying to a worm, then, thus
>> contributing to the problem instead of the solution.
>
> Opps, I forgot this. If the sender is worm, the system will auto-reply
> large number of nonsense emails. Thanks.


Good!

> I know your opinion: use a AV product to scan email, is it? Yes, we have
> a RAV installed, but in some extreme curcumstances, the RAV or other
> AV scanner can't work properly, for example, a new worm which still not
> recoginzable by AV scanner. This will cause a big problem. This year, we
> face one of these cases.


As long as it suits your business needs (ie you don't have a need to
receive .exe files over email), it's good to use the banned-extensions
feature of exiscan-acl as a first line of defence. This will catch plenty
of viruses/worms, including some percentage of new ones. But a good AV
scanner will catch the next layer of stuff - things not in executable
files, inside encrypted zips, and so on. And as long as you have your AV
update itself regularly (which means several times per day), you're as
protected as you can be. Much better than relying on hearing about the new
worm and having to crank out some manual rules to catch it.

Peter