
AW: [Full-Disclosure] Re: Filtering sobig with postfix



> > /see attached file for details/	REJECT
> 
> this incurs a factor 2-4 performance drop, and it could also elicit
> false positives. you should definitely do more than just REJECT
> (i.e. write out a message: s/REJECT/554 Suspected virus/).

Agree, a message would be good.


> also, this is more the job of a content filter than of an MTA.

True. But this solution offers two advantages:

a) it's a quick hack, it works (apparently), and it was easy to
   do it on a Tuesday morning without installing all kinds of
   additional filters.

b) I never have to store the crap on my own system. Let the windos
   users choke on it, even at €1/GB my hard disk space is too
   expensive to store their virus spam.


Tom

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html