Logwatch being marked as virus

Julian Field MailScanner at ecs.soton.ac.uk
Tue Aug 18 08:04:21 IST 2009


Absolutely agreed. What would I do without you guys?!

On 17/08/2009 21:21, Alex Neuman van der Hans wrote:
> This can be dangerous.
>
> If the host itself has a webmail service, or an exploitable form, the 
> server won't scan messages sent from the compromised system.
>
> Perhaps a two-factor system, like From:127.0.0.1 and 
> From:mailwatch at myserver or somesuch, would be better, don't you think?
>
> On Aug 17, 2009, at 3:11 PM, Jules Field wrote:
>
>> A sender can set the sender address to anything they like, it has no 
>> effect on the delivery of the message.
>> So don't do this, do it by IP address, such as
>> From: 127.0.0.1 no
>> so you don't scan mail originating from the localhost itself.
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
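
The three rule shapes discussed in this thread (sender address only, client IP only, and both together), compared in a simplified first-match model. This is an added example, not code from the post or from MailScanner; the address `logwatch@myserver.example`, the IP `203.0.113.7` and the sample messages are constructed for illustration.

```python
# Added illustration: a simplified model of first-match ruleset evaluation.
# It is not MailScanner's parser; rule shapes and sample messages are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    label: str
    client_ip: str  # IP of the connecting SMTP client (fixed by the network path)
    sender: str     # envelope sender (chosen freely by whoever submits the mail)


# Each policy is an ordered list of (ip_or_None, sender_or_None, scan) rules.
# None means "don't care". The first matching rule wins; the default is to scan.
POLICIES = {
    "address-only": [(None, "logwatch@myserver.example", False)],
    "ip-only":      [("127.0.0.1", None, False)],
    "ip+address":   [("127.0.0.1", "logwatch@myserver.example", False)],
}


def is_scanned(policy, msg):
    """Return True if the message would be scanned under the named policy."""
    for ip, sender, scan in POLICIES[policy]:
        ip_ok = ip is None or ip == msg.client_ip
        sender_ok = sender is None or sender.lower() == msg.sender.lower()
        if ip_ok and sender_ok:
            return scan
    return True


# Constructed sample messages covering the cases raised in the thread.
SAMPLES = [
    Msg("logwatch report", "127.0.0.1", "logwatch@myserver.example"),
    Msg("remote, forged sender", "203.0.113.7", "logwatch@myserver.example"),
    Msg("local webmail user", "127.0.0.1", "alice@myserver.example"),
    Msg("local webmail, forged sender", "127.0.0.1", "logwatch@myserver.example"),
]


def unscanned(policy):
    """Labels of the sample messages that bypass scanning under the policy."""
    return [m.label for m in SAMPLES if not is_scanned(policy, m)]


if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:13} skips scanning for: {', '.join(unscanned(name))}")
```

The combined rule exempts the fewest messages, but a message submitted on the host itself with the exempted sender address still matches it, so a webmail service or form on that host remains worth securing separately.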

