[87146] in North American Network Operators' Group
Re: Clueless anti-virus products/vendors (was Re: Sober)
daemon@ATHENA.MIT.EDU (Todd Vierling)
Tue Dec 6 11:58:32 2005
Date: Tue, 6 Dec 2005 11:19:42 -0500 (EST)
From: Todd Vierling <tv@duh.org>
To: Douglas Otis <dotis@mail-abuse.org>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
"Church, Chuck" <cchurch@netcogov.com>, nanog@merit.edu
In-Reply-To: <6ACBF732-7453-4D3A-B43C-BCEB30E9009D@mail-abuse.org>
Errors-To: owner-nanog@merit.edu
On Mon, 5 Dec 2005, Douglas Otis wrote:
> A less than elegant solution as an alternative to deleting the message, is
> to hold the data phase pending the scan.
Contrary to your vision of this option, it is not only elegant; it happens
to be the *correct* thing to do.
Dropping the message on the floor is arguably stretching the bounds of
RFC2821. If a message is going to be dropped because of a policy (such as a
worm/virus flag), you really should be rejecting after DATA with a RFC1893
5.7.x extended result code.
> Another solution would be not returning message content within a DSN.
If you're still sending to a forged address, how is this not still UBE...?
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
