Internet Drafts being tagged by E-Mail virus scanner...

Julian Field mailscanner at ecs.soton.ac.uk
Thu Oct 10 18:43:52 IST 2002


At 14:57 10/10/2002, you wrote:
>         I just installed the latest version of "MailScanner" (3.23-4)
>on my net and suddenly started getting all the Internet Draft "I-D ACTION"
>announcements from the IETF flagged as viruses.

The IETF drafts are about the 1 big user of "external body" messages in
existence. I haven't seen anyone else use them for legitimate purposes.

>         I would think that there should be no problem with the
>access-type="mail-server" since that mail will get scanned
>by the scanner when it arrives.  I would also think that
>access-type="anon-ftp" for a file with a .txt extension should
>be pretty safe as well.

Yeah, right. I used to think plain text email messages with no HTML content
or attachments were safe too, and didn't need virus scanning. How wrong I
was! The "MyParty" virus taught me that one the hard way. I'm not making
the same mistake. Don't assume that something automatically retrieved from
somewhere, then rendered by your email client, is ever "safe" because it
probably isn't.

>   So maybe MailScanner is being a little
>too aggressive here in nuking all messages with "Message/External-body"
>attachments.  Sigh...  Maybe not...  The alternative is the same
>"Red Queen's Race" of what is allowable extensions / access methods
>and ones are likely to be exploited.
>
>         ITMT...  I'm trying to figure out a way to get MailScanner
>to leave these messages alone (given that worms are also forging
>headers so it can't trust the E-Mail addresses in the headers either).

I could add yet another config option to turn this feature on and off, I guess.
Do people really want that?
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
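
Added example, not part of the original post and not MailScanner's own code: a Python check that finds the "Message/External-body" parts discussed in this thread, reports each access-type, and applies an on/off switch like the one proposed above. The sample message, the example.org hosts and the allow_external_bodies parameter are constructed assumptions.

```python
from email import message_from_string

# Constructed sample shaped like an announcement that points at a document by
# reference instead of carrying it; hosts and file names are placeholders.
SAMPLE = """\
Subject: I-D ACTION:draft-example-00.txt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="NextPart"

--NextPart
Content-Type: text/plain

A new draft is available.

--NextPart
Content-Type: multipart/alternative; boundary="OtherAccess"

--OtherAccess
Content-Type: message/external-body; access-type="mail-server";
 server="mailserv@example.org"

Content-Type: text/plain

--OtherAccess
Content-Type: message/external-body; name="draft-example-00.txt";
 site="ftp.example.org"; access-type="anon-ftp"; directory="drafts"

Content-Type: text/plain

--OtherAccess--
--NextPart--
"""

def external_bodies(raw):
    """Return one dict per message/external-body part, at any nesting depth."""
    found = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/external-body":
            found.append({
                "access_type": str(part.get_param("access-type", "")).lower(),
                "location": part.get_param("site") or part.get_param("server") or "",
                "name": part.get_param("name") or "",
            })
    return found

def verdict(raw, allow_external_bodies=False):
    """Hypothetical on/off switch: reject by default when any reference exists."""
    refs = external_bodies(raw)
    return ("deliver" if allow_external_bodies or not refs else "reject"), refs
```

The decision keys on the MIME structure only, so a forged From header or a harmless-looking .txt name does not change the result.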


