Best practice

[Gray, Richard]

> This was the start point for our discussion, then my doubt on 
> that rule. 
> Could  be a 'better performance' rule, but there are real 
> attacks catched ONLY by that rule ?
> 

Its Defence In Depth. You're right that their nearly always caught by
something else (a lot of ours are stopped by spam filters and RBLs) but
there is always a possibility that one will slip through, however remote
the chance may be.

Its like all these defences, you have to weigh up whats more important,
and make a decision based on that. If you are getting major grief for
double dot viruses, then IMHO you're probably safe to take them out. You
could mitigate the risk by using a heuristic virus scanner. This might
increase the number of FPs that you get, but lowers the risk of a double
dotted 0-day virus coming in.

Your choice really.

R  
________________________________

richard gray
dns ltd
 
83 princes street, edinburgh, eh2 2er
 
t:      +44 (0) 870 085 8555 
f:      +44 (0) 870 085 8556
m:    +44 (0) 777 569 2145
w:     http://www.dns.co.uk/ 

-----------------------
This email from dns has been validated by dnsMSS(TM) Managed Email Security and is free from all known viruses.

For further information contact email-integrity at dns.co.uk

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!