A single piece of software can't possibly be all things to all people. I think the best that can be expected is that it reasonably addresses all, or most, of those objectives which the user community shares.
It is easy to say that it only costs $xx when it's not your money, the same as it is to say that it will only take 30 lines of code when you don't have to write it, test it, maintain it and fix it when it breaks. I was the culprit who introduced the HOP feature in Declude a long time ago. It was effective back then in combating dynamic servers in the delivery chain. As intimate as Scott was with his code and with the challenges we all faced, we debated it on and off the list for a long time, before he was convinced it would be a good thing for the entire user community. IOW, he had to see the beef - the evidence, that there was an issue and that it was one which Declude could address effectively. Scott is gone and Imail has changed requiring a major overhaul in Declude. Many of the old timers on this list are still NOT running the most current release, due to certain challenges and anomalies. I'm not trying to be a horses tail or beat you up and there is nothing personal involved. I just think that unless a feature request can be justified with facts, which you admit that yours cannot, that we refrain from distracting the community and particularly the people at Declude. I'd rather see Declude keep pumping the water out of the bilge to the point they can fix the hull, rather than taking the time to hang a new pennant from the mast. Wouldn't you? Thanks, Friday, January 27, 2006, 6:05:46 PM, Markus Gufler <[EMAIL PROTECTED]> wrote: MG> I hav no stat's or numbers. MG> Only the fact that AV-Engines has introduced a suspicious category that is MG> catching more and more new outbreaks. Additionaly it seems that the scanning MG> process is becoming more and more complex. Each variant (we have up to MG> two-letter versions!) seems to need complete new definitions. Another more MG> alarming: certain virus-signatures seems catching only a part of one single MG> but polymorphic and encrypted virus variant. MG> Try to send a vb-script containing one single call of the filesystem-object MG> even if zipped or with renamed file extension trough some av-engines. MG> DELETEVIRUS ON will delete the entire message and you will have to tell some MG> fairy story to the customer who call you because he misses some messages. MG> Don't deleting messages immediately as many of us do is one way. MG> Adding 5 DELETEVIRUSNAME-lines in the global.cfg would be a very simple MG> possibility to keep clean and small the virus folder. And I repeat: It MG> should be something very very simple to implement. Anyone who doesn't want MG> or need it could simply not turn it on. MG> Regarding the allready existing FORGINGVIRUS DNS lookup feature and a MG> possible enhancement like AUTODELETEKNOWNWORMS. MG> I wouldn't say that I don't trust declude's FORGINGVIRUS list. But first of MG> all I realy want to know what I categorize FORGING and what not an my MG> server. Beside the fact that since we don't send out notfications to MG> customers anymore my personal FORGINGVIRUS list is simply a good way to MG> filter out 99% of all postmaster notifications, and so a wave of thus MG> notifications is an excellent indicator that something new is around that I MG> should give a look. MG> An additional DNS lookup for each hold virus in my eyes is not really MG> usefull if the number of forging viruses is so small as it is today. Ok it's MG> a nice thing for someone who doesn't want daily care his server. MG> Another unclear aspect is how this DNS-based list handles different virus MG> names. We have seen in the last months that there is no more consistent MG> naming between AV-Companies. Does Declude maintain and serve forging virus MG> names for all AV-Engines? MG> I still consider Declude my swiss army knife for handling SMTP-traffic and MG> keep our customer mailboxes usable for the daily work. And even if I know MG> that some tools in my knife can be dangerous I want to have them when it MG> will become neccessary. MG> Markus >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown >> Sent: Friday, January 27, 2006 8:24 PM >> To: [email protected] >> Subject: Re: [Declude.Virus] Feature request: DELETEVIRUSNAME >> >> There is no perfect Spam or Virus system. There will either >> be false positives, missed Spam or Viruses or a combination of both. >> Therefore, if the customer is expecting absolute perfection, >> then I think the problem is one of a customer with >> unrealistic expectations. >> >> You said, "what happens if tommorow turns out that scan >> engines has catched many legit messages as viruses due to a >> new buggy singature." >> Well, then you need to HOLD ALL messages tagged as containing >> a virus, if you are that anal about it and that makes your >> original point moot. >> For instance, you've solved nothing if you had "bagal" hard >> coded to be deleted and that was the buggy one in the >> signature file. How often does this really happen - does it >> happen more than 1% of the time? It hasn't shown to be an >> issue in our case, but I think we'd all be interested in your >> statistics which show it as a significant exposure to false positives. >> >> You said, "or because a legit message unexpected contains >> something "sospicious." My previous comment was to hold all >> of those tagged as suspicious. Do you have good statistics on >> these, which show a significant false positive rate? I think >> we'd all be interested in your finding . . . >> >> Thanks, >> >> >> Friday, January 27, 2006, 10:56:56 AM, Markus Gufler >> <[EMAIL PROTECTED]> wrote: >> >> >> aren't you out hunting mosquitos with hand grenades? >> >> MG> If the "mosquito" is a very nasty but important customer >> it's bether >> MG> using tank's, mg's and whatever you can organize in order >> to prevent >> MG> painfull stings... >> >> MG> On a day liky today I could turn on DELETEVIRUSES with >> nearly zero >> MG> risk in order to keep the server disk clean. But what happens if >> MG> tommorow turns out that one of the scan engines has catched many >> MG> legit messages as viruses due to a new buggy singature or >> because a >> MG> legit message unexpected contains something "sospicious". >> How do you >> MG> explain to customers that the messages are already deleted? >> >> MG> F-Prot's exit code 8 (suspicious files) has catched a lot of new >> MG> unknow viruses before singatures was available. So I use >> this exit >> MG> code in my config to hold messages. But suspicous could also be >> MG> something legit we don't know at the moment. >> >> MG> As I can understand a feature like DELETEVIRUSNAME >> wouldn't require >> MG> more then 30 lines of code and 3 hours of work and it would >> MG> eliminate any need for own scripts on each server. This >> is not what >> MG> I consider a hand grenade... >> >> MG> Markus >> >> >> MG> --- >> MG> [This E-mail was scanned for viruses by Declude EVA >> www.declude.com] >> >> MG> --- >> MG> This E-mail came from the Declude.Virus mailing list. To >> MG> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> MG> type "unsubscribe Declude.Virus". The archives can be found >> MG> at http://www.mail-archive.com. >> >> >> >> ---- >> Don Brown - Dallas, Texas USA Internet Concepts, Inc. >> [EMAIL PROTECTED] http://www.inetconcepts.net >> (972) 788-2364 Fax: (972) 788-5049 >> ---- >> >> --- >> [This E-mail was scanned for viruses by Declude EVA www.declude.com] >> >> --- >> This E-mail came from the Declude.Virus mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.Virus". The archives can be found >> at http://www.mail-archive.com. >> MG> --- MG> [This E-mail was scanned for viruses by Declude EVA www.declude.com] MG> --- MG> This E-mail came from the Declude.Virus mailing list. To MG> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and MG> type "unsubscribe Declude.Virus". The archives can be found MG> at http://www.mail-archive.com. ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364 Fax: (972) 788-5049 ---- --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
