lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040127210359.GO1456@sentex.net> From: damian at sentex.net (Damian Gerow) Subject: antivirus s/w Thus spake Bryan K. Watson (bwatson@...tracers.com) [27/01/04 15:57]: > >Especially with virii spoofing the "From" field now. It just ends up with > >somebody at random getting the response, which is likely to cause more > >confusion. > > The problem is not just antivirus software...the SMTP RFC states that mail > servers must be polite as well....so all the sysadmins have to deal with > purging all those double bounces from faked headers and invalid > destinations. ~postmaster/.procmailrc: :0: * ^Subject: (Postmaster (notify|warning)|Could not send message for|Returned mail) double-bounce (Note that this will need to change if you send mail from postmaster@.) Not terribly difficult. IMHO, dealing with false virus notifications -- and servers that 'politely' strip the worm code before it gets to you -- is a bigger pain. I actually get more 'disinfected' viruses than viruses themselves. Until we see a virus that attaches itself to valid messages (which I bet will be Real Soon Now), there's no need to just disinfect an e-mail.
Powered by blists - more mailing lists