Re: [exim] two stage virus scan

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marten Lehmann
Date:  
À: exim-users
Sujet: Re: [exim] two stage virus scan
Hello,

> Censoring, which is what spam detection and automated deletion does,
> w/o the user's explicit knowledge and approval is illegal.


correct so far.

> Rejecting
> non-spam malware (viruses, trojans, mail bombs) is not.


Why not? I'm supressing messages this way and I shouldn't do this
without the users confirmation.

> Even rejecting
> technically non-conformant mail or MTA peers is legal and a key
> ingredient to spam prevention.


Thats something different. If the sender doesn't speak correct SMTP it
is clear that messages maybe won't reach the recipient. But I'm not
allowed to suppress a message just because an attachment isn't well MIME
encoded, although an email application might be able to handle it or
maybe the recipient wants to use the raw mail body.

> E.g. Marten will be probably in more legal trouble, if he scans the
> mail, thus is in knowledge of whether this mail can harm his
> customer's systems, and then still adds the virus to the non-paying
> customer.


Why not? The postman is not in trouble if he knows that he puts spam or
a bomb in my mailbox. He might inform the police, but he isn't allowed
to refuse the delivery (maybe he can defer until the police reacts, but
he cannot refuse).

And by the way: According to the new virus scan setup I explained some
emails before not every email will be scanned. And even if we would scan
and detect a virus but deliver the message anyway: If the user has no
contract with us to filter viruses, than he has no chance to sue us. Why
should we do the scan for free while a server license costs several
thousand USD per year?

> Also the commercial licenses apply to whether the mail is
> scanned or not, not whether and how the scan results are used, so at
> the end he would be sued by both customers and virus vendors.


The server license allows to scan an unlimited amount of data for
viruses, it is not a per user license. But if we would scan all mails
for free, why should anyone pay for this service?

Regards
Marten