Logwatch being marked as virus
Alex Neuman van der Hans
alex at rtpty.com
Mon Aug 17 21:21:42 IST 2009
This can be dangerous.
If the host itself has a webmail service, or an exploitable form, the
server won't scan messages sent from the compromised system.
Perhaps a two-factor system, like From:127.0.0.1 and
From:mailwatch at myserver or somesuch, would be better, don't you think?
On Aug 17, 2009, at 3:11 PM, Jules Field wrote:
> A sender can set the sender address to anything they like, it has no
> effect on the delivery of the message.
> So don't do this, do it by IP address, such as
> From: 127.0.0.1 no
> so you don't scan mail originating from the localhost itself.
More information about the MailScanner
mailing list