Re: amavisd/clamav Virus Recipient email notification template woes

From: Warren Block (wblock_at_wonkity.com)
Date: 07/31/04

    Date: Fri, 30 Jul 2004 18:22:00 -0600 (MDT)
    To: Tim Schutt <tim@square1consulting.com>
    
    

    On Fri, 30 Jul 2004, Tim Schutt wrote:

    > On Jul 30, 2004, at 4:09 PM, Bill Moran wrote:

    >> If you're going to send notification, there is only one _proper_ way
    >> to do it: analyze the Received: headers and find out where the virus
    >> _really_ originated, then contact the abuse@ address for that domain
    >> with the message.

    > I completely understand where you are coming from, and I am only intending on
    > notifying the intended recipient of the email, not the "sender" for the very
    > reason that you note. If it was just me, I would can the message and be done
    > with it. However, I am in the midst of marketing this service to some highly
    > security conscious people so I would like the reinforcement of the
    > notifications for their peace of mind and a little customer-stroking
    > reminding them how great the service is. :-)

    [Format recovered--please don't top-post. It makes responding to your
    messages difficult and time-consuming, to the point that many people
    won't bother.]

    "Virus detected" messages are generally abusive. Here are some problems
    I've experienced on the receiving end of antivirus notification
    messages:

    * Sent to the forged From address. We'll skip the issue of a virus
       checker that trusts any content in a virus-generated message;
       what about long CC: and BCC: lists?

    * Sent to the intended victim--"Hey, you almost got away without being
       harassed, but we wanted to brag about our antivirus system."

    * Some include "this message guaranteed virus-free" text. It's like the
       sender is saying "please sue me".

    * Sent outside the detecting system's domains, spreading the damage.
       If you must send notifications, send them only to those systems you
       control, and where you are responsible to your users.

    * Antivirus software forges "postmaster@victim'sdomain" into the From:
       line. Senders of these messages get a 550 reject for all further
       mail.

    * Some notifications include the virus. Yes, there are actual
       "antivirus" programs out there that are dumb enough to do this.

    Bearing that in mind, here's a suggestion for clamav flags:

    clamav_milter_flags="--quiet --local --outgoing --max-children=50 --dont-log-clean --noxheader"

    -Warren Block * Rapid City, South Dakota USA
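
The Received: header analysis that Bill Moran's quoted advice refers to, as an added example that is not part of the original thread: it walks the headers newest-first and stops at the first hop that did not come from a relay you operate. The relay network, the sample message and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumption: networks of the relays we operate; only headers they wrote are trusted.
TRUSTED_RELAYS = [ip_network("192.0.2.0/24")]

# Constructed sample: forged From: plus a forged Received: line at the bottom.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.net with ESMTP id A1; Fri, 30 Jul 2004 18:00:02 -0600
Received: from dsl-host (unknown [198.51.100.77])
\tby mx1.example.net with SMTP id B2; Fri, 30 Jul 2004 18:00:01 -0600
Received: from mail.innocent.example ([203.0.113.5])
\tby forged.invalid; Fri, 30 Jul 2004 17:59:00 -0600
From: someone@innocent.example
To: user@example.net
Subject: hi

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(received):
    """Return the peer address recorded in the 'from' clause, or None."""
    from_clause = re.split(r"\s+by\s+", received, maxsplit=1)[0]
    match = BRACKETED_IP.search(from_clause)
    try:
        return ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. [999.1.1.1]
        return None


def true_origin(raw_message):
    """Walk Received: headers newest-first and return the first peer outside
    our relays. Headers below that point came from the peer and may be forged."""
    for received in message_from_string(raw_message).get_all("Received", []):
        peer = connecting_ip(received)
        if peer is None:
            return None  # unparseable hop: stop rather than guess
        if not any(peer in net for net in TRUSTED_RELAYS):
            return str(peer)
    return None  # message never left our own relays


if __name__ == "__main__":
    print(true_origin(SAMPLE))
```

The From: address and the bottom Received: line in the sample both point at an uninvolved domain; only the address recorded by your own relay identifies the connecting host.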

