W32/Sobig.F virus header

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Fri Aug 22 12:02:37 IST 2003


On Friday 22 August 2003 11:29 am, Malcolm Ray wrote:

> If I configure MailScanner to add
> 'X-%org-name%-MailScanner: Found to be clean', that avoids the immediate
> problem.  But if many sites use this format, it's not unlikely that a
> future virus will use 'X-$random_string-MailScanner: Found to be clean',
> some sites will then filter on the invariant part, and we're back to square
> one.

Nothing stops you changing the "Found to be clean" part as well, so that
there is no 'invariant part'.

I, for example, preferred to have the headers say simply "Clean", so that's
what I changed it to.   Now I have the benefits (however little you may think
of them) of having a header which confirms it got scanned by my system, but
it's not the same header as anyone else uses.

I agree with you that it comes down to an individual sysadmin's choice.

I don't agree that we should all work around other people's broken systems,
however - if email doesn't get through to them because they're blocking
emails with a perfectly reasonable MailScanner header, then they should be
the ones to receive the complaints from the users who can't send email to
them, not me.

I think the situation is quite simple (for the users): their email is being
rejected by someone else's mail server.   They should complain to whoever
runs that mail server.   My server isn't blocking the (outgoing) mail, so
don't complain to me.

Suppose some sysadmins chose to label any email containing the word "sex" as
being pornographic.   I think people would be justified in telling sysadmins
who used this type of inbound filtering to change it because it's
inappropriate.


Regards,


Antony.

--

Normal people think "if it ain't broke, don't fix it".
Engineers think "if it ain't broke, it doesn't have enough features yet".



More information about the MailScanner mailing list