Feature request : Dangerous Content Scanning option

paddy paddy at PANICI.NET
Thu May 27 19:48:58 IST 2004


On Thu, May 27, 2004 at 06:58:09PM +0100, Julian Field wrote:
> This strikes as rather dangerous.

Agreed.
But then I'd rather have a sharp knife, than a blunt one.

> You first code patch will disable the
> check for partial messages (among other things).

Agreed. That is the intent.

There is already an abstract switch that does this: "Virus Scanning".

> Not checking for partial
> messages will let viruses through that are present in multi-part messages.

Agreed.  That is already well-documented in the .conf file.

> I wouldn't advise anyone to switch off that check.

Me neither.  I wouldn't dream of doing so for myself, and I don't even run
a windows box.

But I have agreed to do it to win back the trust of a client for whom email
is critical in order to get at least ordinary virus-scanning in the loop.

> I think you need to be rather more careful about what checks any option
> like this might disable.

I believe I've been extremely careful, but I'm happy to be corrected.

As it happens the distinction I've implemented is co-terminous with
difference between internal and external virus scanning in mailscanner,
but that is not the intent.

The intention is to distinguish between checks that positively identify
malware (false positives aside), and checks that don't.  This is a
distinction that is already made in the code and the reports.

Although I'm not familiar with the history, I imagine that partial
messages is one of those features that some misguided souls somewhere
are still using for non-malicious purposes.  Until I quantify the
various risks, that puts them in my dangerous content group.

I'm not entirely unhappy about having a wide range of risk in that
group.  I need users to take some responsibility for managing the
riskier options, having compelling options opens that door.

There are many of these checks, not all have individual conf switches,
and there is no way to say "all current and future checks of this kind".

So, then things would look like ...

        VirusScanning
                Scanners
                        ...
                Dangerous Content
                        partial messages
                        ...

But if they looked like

        VirusScanning
                Scanners
                        ...
                partial messages
                Dangerous Content
                        ...

or

        VirusScanning
                Scanners
                        partial messages
                        ...
                Dangerous Content
                        ...

I'd be just as happy.

Partial messsages seem like a special case, because of their link with
virus scanning, but in my book HTML scripts are far more scary.

Now you can't sell those to everyone.

I don't particularly want it.  I do need it.

Regards, and thanks for wading through this rather epic mail,


Paddy

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list