[EMAIL PROTECTED] wrote: [...]
>> This would be perfectly acceptable if all AV >> software yielded a 0% false positive rate. >> However, we all know that just isn't the case. >> False positives DO happen. > > How can you know that there is a false positive? Customer sends an email and it is flagged as containing a virus. Customer runs up-to-date virus scan and finds no virus. Customer contains mail server administrator and mail server administrator runs a variety of scans on email. Most don't detect a virus, so admin sends virus to AV people for possible false positive examination. AV people reply back that this is indeed a false positive and modify signature so it won't happen again. All of this is impossible if customer doesn't KNOW that the email has been quarantined in the first place. This problem is what I am addressing. >> So why don't we change qmail-scanner to return >> a 5xx SMTP error code and a short message when a >> virus email is quarantined? >> > > As you surely know, a 5xx is sent back to the return-path, and it is > almost always faked... No sir, a 5xx or a 451 or whatever is sent back during the actual SMTP session. It has absolutely nothing to do with the return path. No additional emails a generated. Instead, the connection is closed with an error code. [...] >> What do you think? >> > > From my experience, I receive every day a lot of "virus warinnings" > that are "false negatives", I use a Mac. Now I'm using spamassassin to > block all those bogus virus warnnings, they are really spam. I think > that psender is enough good it is not perfect, but it is better than > spread spam all over the wordl in the form of "virus warnnings" or > bounces talking about you maybe has sent a virus, and the queue of my > server doesn't fill with undeliberabily mails to address that really > don't exist ([EMAIL PROTECTED]) I don't think you understand what I'm proposing. -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
