Skip scan for viruses
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Fri Jan 30 18:37:02 GMT 2004
> Then the admin who released it is at fault. I release spam everyday,
> but put it back through MailScanner, AFTER adding a specific header
> (X-SpamRequested-Email) that will subract 100 points from
> SpamAssassin.
> The -100 score was added 1.5 years ago, when I did release infected
> message into mqueue. I sure as hell didn't blame
> MailScanner, or Julian
> for my stupidity. Luckily, Norton caught it on our Lotus
> Notes server,
> before any problems were caused.
That's a good point. I'm just using an out of the box (ish) version of
MailWatch to handle the releases, which doesn't add that header. I feel an
enhancement request for MailWatch coming up ;-) Documentation about best
practices will help here.
> It is not a gaping security hole in MailScanner, but it is a gaping
> security hole for an admin to send an email on without scanning it for
> viruses.
>
> It really doesn't matter if a file is stopped because of spam
> first, as
> long as you are smart enough to know to check it for viruses, before
> giving it to an end user.
>
> Dustin
Releasing a file to a user and then having the release bounce back is a
cumbersome way to do things.
and from another post...
> Do you not also have virus protection at the desktop in your corporation?
We do indeed, but the AV vendor lagged well behind ClamAV with updated
patterns, hence the window of vulnerability I mentioned in an earlier post.
I really don't want to go on about this. I'd just like everything delivered
or quarantined scanned.
Well, everything, but if you are in an environment where you have a high
spam to ham ratio, you might feel differently. But I've just covered this
in a different post.
Cheers,
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
More information about the MailScanner
mailing list