Mark Foster
Then there's always the way a few American providers have gone - dropping port 25 to hosts other than their mail relays, tied to decent AV filtering.
This saves a nearly unbelievable amount of pain. Most email-borne viruses seem to go direct to port 25 at other people's MXs, so don't hurt anyone when 25/tcp is blocked. The rest try to go via the actual relays and get dropped due to AV scanning.
Simon Byrnand wrote:
If virus scanning was prone to the same level of false positives as spam filtering, then dropping virus-infected messages might be cause for concern, but with extremely low FPs it isn't.
Except it's not, right? You're using definitions provided by an AV Vendor that specifically match a pattern to a known piece of Virus Code. Not anywhere near as many false positives.
I've seen one vendor's AV software fire on example code, laid out in plain text emails, e.g. on ntbugtraq. I believe Russ Cooper has ranted about this in the past.
cheers,
Jamie
--
James Riden / j.riden(a)massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/