[31853] in bugtraq
Re: base64
daemon@ATHENA.MIT.EDU (Bennett Todd)
Fri Sep 26 16:33:57 2003
Date: Fri, 26 Sep 2003 14:09:20 -0400
From: Bennett Todd <bet@rahul.net>
To: Louis Erickson <LErickson@ariba.com>
Cc: Earl Hood <earl@earlhood.com>, bugtraq@securityfocus.com,
MightyE <trash@mightye.org>, Lawrence MacIntyre <lpz@ornl.gov>
Message-ID: <20030926180920.GA6827@rahul.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM"
Content-Disposition: inline
In-Reply-To: <271DE2625FD4D311949B009027F43B9F1AB82A26@mail.ariba.com>
--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
2003-09-26T13:49:08 Louis Erickson:
> If there is malware in the message, why are you delivering it to the end
> user?
If there's nothing but malware, or if it's recognized as a worm,
then silently dropping it is in order. But in the general case, you
must assume that people would rather e.g. receive a cover note and
an injected section saying that the application/ms-word was dropped
because it had a macro virus, rather than silent dropping.
As for rejecting, no thanks, I'm already getting too many pieces of
crud in my inbox because of badly-configured scanners that think
they can trust sender info in incoming traffic. Rejecting (at SMTP
dialogue time) isn't as bad as bouncing (which depends on the
trivially forgeable envelope sender), but in these days of spammers
exploiting open relays, it's still not appropriate. Malware should
be absorbed, then dropped only if you're sure there's no real
content, otherwise sanitized and forwarded.
> In another life I run an ISP. I run virus scanners on all
> incoming and outgoing messages. Viruses are rejected at SMTP
> time, and the messages are not delivered.
Occasionally my ISP has to do that to cope with sudden traffic
spikes, and whenever they do, I get threats from MLMs to unsubscribe
me for the offense of being undeliverable.
-Bennett
--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature
Content-Disposition: inline
--cWoXeonUoKmBZSoM--
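
The handling described in the message above (drop silently only when nothing but malware remains, otherwise replace the infected part with a notice and forward, never reject or bounce), as an added example that is not part of the original post. The marker-based scanner check and the names `filter_message` and `build_sample` are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: stand-in for a real scanner. A part counts as infected when its
# decoded body contains this constructed marker (not a real signature).
MARKER = b"CONSTRUCTED-SCANNER-TEST-MARKER"

def payload_bytes(part):
    """Decoded body of a leaf MIME part (base64/QP undone)."""
    return part.get_payload(decode=True) or b""

def filter_message(raw):
    """Return ("forward", message) or ("drop", None); never reject or bounce."""
    msg = message_from_string(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    infected = [p for p in leaves if MARKER in payload_bytes(p)]
    if not infected:
        return "forward", msg
    # Real content = any clean part with a non-blank body.
    real = [p for p in leaves
            if MARKER not in payload_bytes(p) and payload_bytes(p).strip()]
    if not real:
        return "drop", None  # nothing but malware: absorb silently
    for part in infected:
        ctype = part.get_content_type()
        # set_content() clears the old body and Content-* headers first.
        part.set_content(
            f"[{ctype} was dropped by the mail scanner: malware detected]\n")
    return "forward", msg

def build_sample(body, attachment):
    """Constructed test message: a text note plus one Word attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(attachment, maintype="application", subtype="msword",
                     filename="report.doc")
    return m.as_string()

if __name__ == "__main__":
    action, out = filter_message(
        build_sample("Report attached.\n", b"macro " + MARKER))
    print(action)
    print(out.as_string())
```
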