BugTraq
> Wed Jan 28 2004 18:45:39 Thomas Zehetbauer <thomasz (at) hostmaster (dot) org> wrote:
>
> TZ> 2.1.) Avoid
> TZ> Virus filters should
> ^^^^^^
> MUST
> TZ> therefore be designed and implemented before checking the
> TZ> legitimacy of the intended recipient. This would also avoid
> TZ> helping the virus spread by bouncing it to a previously unaffected
> TZ> third party.

This is not a good idea. In SMTP, the recipient(s) are transmitted
before the content of the mail. Each RCPT command (specifying one
recipient) can succeed or fail. Checking the legitimacy of recipients
should happen at this stage: Firstly, if no valid recipients are found,
the message doesn't even have to be transmitted. Secondly, at this stage
you can reject the mail for some recipients, but not for others. At the
DATA stage you can only summarily accept or reject it. Thirdly, if you
accept the mail, you have taken over responsibility for it. If you later
decide you cannot deliver the mail, you must generate a DSN. But at that
point you cannot know whether the return path is valid, so you may send
DSNs to innocent third parties.

If at all possible avoid accepting a mail that you are not sure you will
deliver! Try to do all checks during the SMTP conversation so that you can
reject the mail instead of bouncing it (which will often avoid the
bounce completely, since the SMTP engines used by spammers and worms
don't generate bounces), and do it as early as possible to keep traffic
down.

hp
--
_ | Peter J. Holzer | Shooting the users in the foot is bad.
|_|_) | Sysadmin WSR / LUGA | Giving them a gun isn't.
| | | hjp (at) wsr.ac (dot) at | -- Gordon Schumacher,
__/ | http://www.hjp.at/ | mozilla bug #84128
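
Added example (not part of the original post): a small offline model of the receiving side of one SMTP transaction, showing the ordering argued for in the message above: a per-recipient verdict at RCPT, an all-or-nothing verdict at the end of DATA, and rejection inside the session so that no DSN is ever generated. The recipient set, the scanner stub and the sample session are constructed assumptions.

```python
# Added example: receiving side of one SMTP transaction, modelled offline.
# VALID_RCPTS and looks_infected() are constructed stand-ins (assumptions)
# for a real recipient database and a real virus scanner.
VALID_RCPTS = {"alice@example.org", "bob@example.org"}

def looks_infected(body):
    return "X-CONSTRUCTED-VIRUS-MARKER" in body

def smtp_transaction(lines):
    """Feed client command/data lines; return (reply codes, delivered_to)."""
    codes, rcpts, body, delivered, in_data = [], [], [], [], False
    for line in lines:
        if in_data:
            if line != ".":
                # Undo dot-stuffing and keep collecting the message body.
                body.append(line[1:] if line.startswith(".") else line)
                continue
            in_data = False
            if looks_infected("\n".join(body)):
                # Refuse in-session: nothing was accepted, so no DSN is owed.
                codes.append(554)
            else:
                delivered = list(rcpts)  # only recipients that passed RCPT
                codes.append(250)
        elif line.upper().startswith("MAIL FROM:"):
            rcpts, body = [], []
            codes.append(250)
        elif line.upper().startswith("RCPT TO:"):
            addr = line[len("RCPT TO:"):].strip().strip("<>").lower()
            ok = addr in VALID_RCPTS
            if ok:
                rcpts.append(addr)
            codes.append(250 if ok else 550)  # per-recipient verdict
        elif line.upper() == "DATA":
            # With no valid recipient the body is never transmitted.
            in_data = bool(rcpts)
            codes.append(354 if rcpts else 554)
        else:
            codes.append(500)
    return codes, delivered

# Constructed session: forged sender, one valid and one invalid recipient.
SESSION = ["MAIL FROM:<forged@victim.example>", "RCPT TO:<alice@example.org>",
           "RCPT TO:<nobody@example.org>", "DATA", "Subject: hello", "",
           "X-CONSTRUCTED-VIRUS-MARKER", "."]

if __name__ == "__main__":
    print(smtp_transaction(SESSION))  # reply codes, then delivered recipients
```

In the constructed session the forged sender address is never used by the receiver: the unknown recipient gets a 550 at RCPT and the infected body gets a 554 at the end of DATA, both inside the connection.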