> > there should be no need to "hack" qmail
>
> And there isn't! Why do people persist on insecure MUAs?

I'll chime in on this, even though my view may not be the same as
everyone else's.

The problem isn't MUAs. The problem is that users were duped into
executing a program of malicious intent.

That isn't anything new. In fact, it isn't even restricted to MUAs.
The recent root-exploit of Apache.org involved duping a root user into
executing malicious code. It's just a fact of life, until every user in
the world is not only educated (hah, when will that happen?), but
sufficiently competent to analyze programs on their own, virii will still
exist. And even if those utopian conditions existed, we'd just find
trickier ways to spread the virii.

Because of that, viral scanning is a necessity for large corporations,
to save themselves a lot of monetary loss. They simply need to protect
themselves through viral scanning. The ability to have incoming/outgoing
mail scanned does not solve the problem, but is a very, very good first
step.

Few experienced administrators would fail to use some sort of
firewalling/filtering on their company's Internet connection. If they
wanted to, they could simply throw the blame on insecure programs / OS /
systems, but they don't. They use the firewall / filtering because it's a
fast, easy way to block many attacks. Not all, but many. Central email
virus scanning is the same thing.

When I sent my analysis of the "iloveyou" virus to BugTraq, I was
deluged with email - all of them bounces. Because my message started with
"ilove you", many, many mail servers had blocked it. That was within
something like 12 hours of the release. Think of the immense amount of
headaches the system administrators for those companies saved themselves.
The ounce of prevention was worth a metric ton of cure.

There is also the issue of cost. Is it cheaper to purchase one SMP
machine to scan mail on the server for virii, or to license a hundred
copies of a virus scanner, and then buy each machine more RAM and CPU, so
that they can still work as efficiently while the virus scanner watches
what they do?

Scanning mail on the server may not be your preference. However, it is
a very valuable and useful resource, that is just as valid as using
firewalls to prevent attacks against insecure machines on the inside
network.

If someone in the open-source community doesn't ante up and make
server-side mail scanning work well, someone in the private sector will.
Let's make the world a Better Place, and do it first.

Shoot, just this morning, my MOTHER of all people called me up and asked
why they couldn't stop the virus at the mail server. :)

steve