[imp] Virus Scan Attachments on upload

George A. Theall theall at tifaware.com
Wed Jan 22 17:33:58 PST 2003


On Wed, Jan 22, 2003 at 02:41:40PM -0700, Dan Wilson wrote:

> I've got qmail-scanner handling all incoming mail, but I don't have it going 
> out.  I'd prefer it this way seeing as I would rather not invoke the scanner 
> when sending my emails from my sites, etc.

Perhaps you'll indulge me for a few minutes with this story:

In an earlier life, one of the hats I wore was postmaster for an medical
center / medical school.  One year, as the dot com craze was getting
started, the IT director for the medical school decided to outsource
e-mail for students to a newly minted ASP focusing on messaging.  The
ASP offered all the bells and whistles - LDAP directory, web access,
virus-checking of e-mails, ...  you name it.  A few months after
students were moved over, my mail system got hit hard by one of those
mail-borne viruses that faked the from line -- several thousand an hour,
all coming from the ASP.  The messages were rejected by the virus
checker I was running, but the volume was essentially a DoS on my
server.  When I talked to the school's IT director about it, he swore up
and down I was wrong because the ASP did virus checking.  I showed him
the message headers but he continued to deny the problem was with the
ASP.  Finally, I asked if the ASP ran virus checks against messages
originating locally.  Guess what his answer was?

Unless you have some means of restricting SMTP access to just your
webmail machine(s), scanning mail from your local users as well will
protect not only your own users but the rest of us as well. 

> But I really think it would be a good idea to let a user know that they have 
> just uploaded a virus.

Certainly.  But you can probably accomplish this just as easily by
configuring your scanner to notify the sender that he / she is infected. 

George
-- 
theall at tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://lists.horde.org/archives/imp/attachments/20030122/f8ab8cdb/attachment.bin


More information about the imp mailing list