Best practice

Gray, Richard richard.gray at DNS.CO.UK
Thu Oct 13 10:59:43 IST 2005

> This was the start point for our discussion, then my doubt on 
> that rule. 
> Could  be a 'better performance' rule, but there are real 
> attacks catched ONLY by that rule ?

Its Defence In Depth. You're right that their nearly always caught by
something else (a lot of ours are stopped by spam filters and RBLs) but
there is always a possibility that one will slip through, however remote
the chance may be.

Its like all these defences, you have to weigh up whats more important,
and make a decision based on that. If you are getting major grief for
double dot viruses, then IMHO you're probably safe to take them out. You
could mitigate the risk by using a heuristic virus scanner. This might
increase the number of FPs that you get, but lowers the risk of a double
dotted 0-day virus coming in.

Your choice really.


richard gray
dns ltd
83 princes street, edinburgh, eh2 2er
t:      +44 (0) 870 085 8555 
f:      +44 (0) 870 085 8556
m:    +44 (0) 777 569 2145

This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses.

For further information contact email-integrity at

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list