Multiple "clean" signatures --- Fixed
Julian Field
mailscanner at ecs.soton.ac.uk
Thu Jul 18 14:04:43 IST 2002
At 12:35 18/07/2002, you wrote:
>On Thu, 18 Jul 2002 10:16:34 +0100, you wrote:
> >> > It now uses the presence of the "X-MailScanner:" header to work out
> if it
> >> > should sign it or not. If the header is already there, it will assume it
> >> > has already been signed and will not sign it again.
> >> >
> >> > I know this is easy to defeat by users adding fake "X-MailScanner:"
> headers
> >> > to their mail, but since signing is not a vital function I didn't
> think it
> >> > really mattered, and there is no way to do it otherwise (if you have
> >> > messages passing through more than 1 MailScanner server). If you have
> >> > changed the "X-MailScanner:" header to some other name, you will
> obviously
> >> > need to be consistent across your site for this feature to work.
> (Otherwise
> >> > it doesn't know what header to look for!)
> >>just as a clarification, it now works like this?
> >
> >Header exists --> don't sign
>
>But what if the header says not infected but the current virusscanner
>detects a virus (because it is another one or it is updated in the
>meantime).
>
> >No header --> sign if scanned and clean
>
>And offcourse "sign if scanned and not clean".
No, it does not sign messages which are not clean (it shouldn't anyway!).
It does the 2 rules I stated.
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list