Jason Haar wrote: > On Wed, May 12, 2004 at 10:07:26AM -0400, Jesse Guardiani wrote: >> Yes, let's look at my actual issue: >> >> 4. I am a business customer, and I rely on email to do business. I send >> a word doc or a zipped binary attachment that just happens to contain >> a signature that looks an awful lot like a virus to a business >> associate's > > Huh? When does this happen? This comes back to choice of AV then. > Seriously, how often does it happen?
I have no idea, but I suspect it happens far more often that you think. Take a good long look at your quarantine directory sometime and tell me if you see legitimate emails there. > And don't say "it can so therefore we > should handle it" as I don't want code showing up in Q-S that is only of > use in 1 in 100000000 cases. > >> ISP. The remote mail server silently drops the email and because my email >> looks like it contains a virus. I am NOT a customer of this remote ISP, >> so they do NOT send me any kind of notification whatsoever. The email is >> lost and I don't realize that it didn't reach it's destination until it >> is too late. Is this the sort of thing that law suites are made of? I >> don't know. >> > > Well that's why it's configurable. If you are actually concerned about law > suites, you would notify ALWAYS. No other option would suffice. returning a 550 would suffice. :) >> CONS? Yes, there are some that you've described already. If the computer >> on the other end of qmail-scanner's SMTP session is NOT equiped with a >> virus scanner AND is relaying the virus for someone else then someone >> will receive a very cryptic bounce message. Maybe this will happen more >> often than I anticipate. So what? That remote mail server should be >> running AV software anyway. At least we don't have to worry about false >> positives anymore. Also, I think the sting of this can be lessened if we >> include a qmail patch in the contrib directory that will allow us to >> return more informative bounce messages. > > ... > >> > If your AV is blocking clean files as being viral, complain or change >> > AV. >> >> I use ClamAV, and as far as I can tell it hasn't blocked any false >> positives. But I watch the virus database changelogs, and false positives >> are submitted all the time. The possibility is real, and if you think >> your particular AV software is immune then you're not being honest with >> yourself. > > But it's not my fault if the AV is generating False Positives either. As > far as "legal liability" goes - I'd say the AV company was to blame more > than me of Q-S - wouldn't you? Possibly, but I'd still prefer to have a 550 returned. > Let's drop the legalize - there be dragons there... > >> >> I'm not suggesting that we make this change the default behavior. I'm >> simply suggesting that we make it an option. > > Off to read the next on this thread. > > Don't think I'm dissing you on this. I just want this topic thrashed out. I know. If you decide against what I propose then I can always patch. I think that would be a mistake though. :) -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
