[33392] in bugtraq
Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling)
daemon@ATHENA.MIT.EDU (Peter J. Holzer)
Wed Feb 4 04:47:36 2004
Date: Tue, 3 Feb 2004 17:07:32 +0100
From: "Peter J. Holzer" <hjp@wsr.ac.at>
To: Thomas Zehetbauer <bugtraq@securityfocus.com>
Message-ID: <20040203160732.GF26252@wsr.ac.at>
Mail-Followup-To: Thomas Zehetbauer <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="K/NRh952CO+2tg14"
Content-Disposition: inline
In-Reply-To: <631201033.20040129150003@aernet.ru>
--K/NRh952CO+2tg14
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 2004-01-29 15:00:03 +0300, Andrey G. Sergeev (AKA Andris) wrote:
> Wed Jan 28 2004 18:45:39 Thomas Zehetbauer <thomasz@hostmaster.org> wrote:
>=20
> TZ> 2.1.) Avoid
> TZ> Virus filters should
> ^^^^^^
> MUST
> TZ> therefore be designed and implemented before checking the
> TZ> legitimacy of the intended recipient. This would also avoid
> TZ> helping the virus spread by bouncing it to a previously unaffected
> TZ> third party.
This is a not a good idea. In SMTP, the recipient(s) are transmitted
before the content of the mail. Each RCPT command (specifying one
recipient) can succeed or fail. Checking the legitimacy of recipients
should happen at this stage: Firstly, if no valid recipients are found,
the message doesn't even have to be transmitted. Secondly, at this stage
you can reject the mail for some recipients, but not for others. At the
DATA stage you can only summarily accept or reject it. Thirdly, if you
accept the mail, you have taken over responsibility for it. If you later
decide you cannot deliver the mail, you must generate a DSN. But at that
point you cannot know whether the return path is valid, so you may send
DSNs to innocent third parties.=20
If at all possible avoid accepting a mail that you are not sure you will
deliver! Try to do all checks during the SMTP conversion so that you can
reject the mail instead of bouncing it (which will often avoid the
bounce completely, since the SMTP engines used by spammers and worms
don't generate bounces), and do it as early as possible to keep traffic
down.
hp
--=20
_ | Peter J. Holzer | Shooting the users in the foot is bad.=20
|_|_) | Sysadmin WSR / LUGA | Giving them a gun isn't.
| | | hjp@wsr.ac.at | -- Gordon Schumacher,
__/ | http://www.hjp.at/ | mozilla bug #84128
--K/NRh952CO+2tg14
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQDQAwUBQB/HRFLjemazOuKpAQGgkgXTBew1nrJ3dtdW45vN8S4a93A3WD0w48Rp
LVdL7yob5iAgA3M+YN3QcVZpPvXVfTatmUX1SgR8VVogPf2UG6dZUFyfmSNMsubD
M1kPnucQ7HPn13iaHbkGDyJUXOEM+vBIx34uCzJlw7mHUw/OMY5w0KlL4kBji2df
aPOtWDCSt2c2aQOQH5FfuRiQUooY+z3lX10chhU9qNmuUNFtiCtzXDj6HqVF2RD6
G7f3bqOjILAlNLU5aiHird3FFQ==
=7cxX
-----END PGP SIGNATURE-----
--K/NRh952CO+2tg14--
