Logwatch being marked as virus
MailScanner at ecs.soton.ac.uk
Tue Aug 18 08:04:21 IST 2009
Absolutely agreed. What would I do without you guys?!
On 17/08/2009 21:21, Alex Neuman van der Hans wrote:
> This can be dangerous.
> If the host itself has a webmail service, or an exploitable form, the
> server won't scan messages sent from the compromised system.
> Perhaps a two-factor system, like From:127.0.0.1 and
> From:mailwatch at myserver or somesuch, would be better, don't you think?
> On Aug 17, 2009, at 3:11 PM, Jules Field wrote:
>> A sender can set the sender address to anything they like, it has no
>> effect on the delivery of the message.
>> So don't do this, do it by IP address, such as
>> From: 127.0.0.1 no
>> so you don't scan mail originating from the localhost itself.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner