Russell Fulton
On Fri, 2005-01-21 at 21:37 +1300, Mark Foster wrote:
The reason I ask is that I've seen at least one ISP to whom I've reported viral infections recently actually reject the report, because of the 'illegal file attachment' (where the criteria used was the file extension... not even viral code within the attachment)... So I had to manually copy/paste headers only to get my point across.
We do not rely on Mime Types or file extensions. We examine actual file contents to determine type.
If someone were stupid enough to send a live virus (or any executable file) to abuse/security(a)auckland.ac.nz then, if the attachment matched virus signatures, the mail would be silently deleted.
Same here - abuse@ is AV scanned but doesn't have any form of spam filtering. If anyone wants to send actual malware samples, it's easy enough to encrypt it using PGP or WinZip. Incidentally, I think the last time I submitted a sample to an AV vendor, they wanted it in a password protected zip file.

Wrt. Mail Marshal, it's perfectly possible to configure it to silently drop 'bad' email rather than bouncing it to the purported sender.

cheers,
Jamie
--
James Riden / j.riden(a)massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/