Re: [exim] two stage virus scan

Etusivu
Poista viesti
Vastaa
Lähettäjä: Axel Thimm
Päiväys:  
Vastaanottaja: Marten Lehmann
Kopio: exim-users
Uudet otsikot: [exim] syslog(-ng) facility not getting everything?
Aihe: Re: [exim] two stage virus scan
On Tue, Jun 20, 2006 at 04:40:30PM +0200, Marten Lehmann wrote:
> > Censoring, which is what spam detection and automated deletion
> > does, w/o the user's explicit knowledge and approval is illegal.
>
> correct so far.
>
> > Rejecting non-spam malware (viruses, trojans, mail bombs) is not.
>
> Why not? I'm supressing messages this way and I shouldn't do this
> without the users confirmation.


Because at that time you know that it can harm yours and the client's
systems and data.

> > E.g. Marten will be probably in more legal trouble, if he scans the
> > mail, thus is in knowledge of whether this mail can harm his
> > customer's systems, and then still adds the virus to the non-paying
> > customer.
>
> Why not? The postman is not in trouble if he knows that he puts spam or
> a bomb in my mailbox.


A postman legaly obliged to deliver a ticking bomb? It sounds like you
really think so, or are you trolling me? ... :)

I'm quite sure he will spend the rest of his days in jail.

> He might inform the police, but he isn't allowed to refuse the
> delivery (maybe he can defer until the police reacts, but he cannot
> refuse).


Not only he can, but he has to refuse.

Please check this twice if you don't take my word for it. If you
knowingly allow someone else to get harmed you become liable. Whether
you deliver a bomb or sell tainted food, if it can be proven that you
were aware of this fact you're behind bars. Same thing for malicious
software you knowingly passed to your client that can shred his data
to ashes.

If you don't want to become liable, don't scan it at all.
--
Axel.Thimm at ATrpms.net