Autor: Axel Thimm Datum: To: Magnus Holmgren CC: exim-users Betreff: Re: [exim] two stage virus scan
On Sun, Jun 18, 2006 at 11:25:23PM +0200, Magnus Holmgren wrote: > On Sunday 18 June 2006 21:37, Marten Lehmann took the opportunity to write:
> > Hello,
> >
> > >>2. It doesn't matter which virus scanner we are using. Each user
> > >>(mailbox owner) must be able to disable the virus scan, otherwise it
> > >>would infringe German law.
> > >
> > > That's true for spam, not viruses!!!
> >
> > not in all cases. Due to heuristic, there may be false positives
> > (especially on broken MIME parts or so).
Even then it is still not an issue with the law. Otherwise ratware
detection would be illegal, too.
> Now I'm curious: What exactly does the law say? Is it illegal to (actually or
> potentially) throw away legitimate mail? Or is it illegal to (actually or
> potentially) not deliver legitimate mail? (Unless the user volontarily
> accepts the risk.)
Censoring, which is what spam detection and automated deletion does,
w/o the user's explicit knowledge and approval is illegal. Rejecting
non-spam malware (viruses, trojans, mail bombs) is not. Even rejecting
technically non-conformant mail or MTA peers is legal and a key
ingredient to spam prevention.
Compare it to snail mail, more or less the same applies and is derived
from the same set of laws. The postman is not allowed to throw away
the ads, even if he knows you hate then, and he would be even liable
to law himself if he knowingly delivers a ticking bomb. ;)
E.g. Marten will be probably in more legal trouble, if he scans the
mail, thus is in knowledge of whether this mail can harm his
customer's systems, and then still adds the virus to the non-paying
customer. Also the commercial licenses apply to whether the mail is
scanned or not, not whether and how the scan results are used, so at
the end he would be sued by both customers and virus vendors.
Having said that, clamav is doing a great job at a great price w/o any
legal obstructions and pitfalls.
--
Axel.Thimm at ATrpms.net