Re: [vox-tech] the answer to all my virus problems

Sun, 21 Sep 2003 01:58:23 -0700


On 2003.09.20 22:10, [EMAIL PROTECTED] wrote:
On Sat 20 Sep 03, 9:20 PM, Ken Bloom <[EMAIL PROTECTED]> said:
[Snip older quotings] 
> Umm, please consider the golden rule when sending reject messages.
> Do not unto others as you would not want done unto you.
> This can go two ways though because you might not want your legit
> messages silently dropped. You be the judge.

umm, there must be some kind of confusion here.

these messages aren't silently dropped.  they're rejected.  there's a
big difference...

that's why they're called "reject messages". :-)

pete

I'll clarify. Do not unto others as you would not want done unto you,
There are two situations I specifically had in mind here. I only wrote one out and it was kind of confusing, so I appologize for that.

(a) Supposing a Klez-like virus got dropped by this filter: you would send out a rejection message to the wrong sender - and I know you've all been trying to rig your mailers to ignore these rejection messages (Bill Kendrick mentioned wanting to do this earlier in the thread). Hence, do not unto others as you would not want done unto you.

I thought (a) was fairly obvious, but I guess not.

(b) Supposing you decided to spare others from being falsely accused of sending viruses. You would decide then to silently drop all incoming exe attachments. Supposing one of your messages to someone else were to match the pattern. I assume because you all use Linux that that message would have some useful content in it, not spam and not (heaven forbid) a virus. You would not want that message silently dropped because it has useful information in it. Hence, you need to consider in this case also: do not unto others as you would not want done unto you.

I think silently dropping .exe messages is probably a better solution, because false positives for .exe messages are going to be extremely rare (especially since you use Linux), but sending reject messages to innocent parties will happen fairly frequently. (Unless I'm misunderstanding how our mail system sends reject messages)

--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 6/10/2003. If you use GPG, *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to