IMP and virus checking

Mike Coughlan mcoughlan@gothambroadband.com
Wed, 2 Jan 2002 16:24:55 -0500

Previous message: [imp] Causing maintenance operations to occur without prompting?
Next message: [imp] IMP and virus checking
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

i know my opinion was not asked but...

my 2 cents is that virus checking needs constant updating, so you might need
to revisit this often even if you did make this dealine

we have been very very happy with procmail and this script:
http://www.impsec.org/email-tools/procmail-security.html

note that it is very robust - defanging javascript, webbugs, malicious word
macros, anything that could compromise privacy or do damage. i will also
testify that only a regex guru can touch it, and that some have found it
annoying that html mail is defanged, but so far it has caught every virus
sent via mail.

i don't know much on your planned contribution, but i do think that:

1) A stale or half-implemented virus scanner can do more harm than good
2) SAs should be encouraged to scan for virus on the mail server to warn the
sender immediately
3) Centralizing your mail scans can make it easier for users

ps - we get email updates from the site above when new virus code is
necessary to install

Thanks for listening



> I wanted to write a virus checking hook and thought this could be
> interresting
> for others.

Previous message: [imp] Causing maintenance operations to occur without prompting?
Next message: [imp] IMP and virus checking
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]