Multiple "clean" signatures --- Fixed

Peter Peters P.G.M.Peters at civ.utwente.nl
Thu Jul 18 12:35:01 IST 2002


On Thu, 18 Jul 2002 10:16:34 +0100, you wrote:

>> > It now uses the presence of the "X-MailScanner:" header to work out if it
>> > should sign it or not. If the header is already there, it will assume it
>> > has already been signed and will not sign it again.
>> >
>> > I know this is easy to defeat by users adding fake "X-MailScanner:" headers
>> > to their mail, but since signing is not a vital function I didn't think it
>> > really mattered, and there is no way to do it otherwise (if you have
>> > messages passing through more than 1 MailScanner server). If you have
>> > changed the "X-MailScanner:" header to some other name, you will obviously
>> > need to be consistent across your site for this feature to work. (Otherwise
>> > it doesn't know what header to look for!)
>>just as a clarification, it now works like this?
>
>Header exists --> don't sign

But what if the header says not infected but the current virusscanner
detects a virus (because it is another one or it is updated in the
meantime).

>No header --> sign if scanned and clean

And offcourse "sign if scanned and not clean".

--
Peter Peters
senior netwerkbeheerder,  Centrum voor Informatievoorziening,
Universiteit Twente,   Postbus 217,  7500 AE  Enschede
telefoon: +31 53 489 2301, fax:+31 53 489 2383, http://www.utwente.nl/civ



More information about the MailScanner mailing list