I block a number of file extensions (all of which could contain a payload). I'd
like to block doc attachments but they are a bt everywhere. I advice people to
send as pdf (internally we usually don't do much than print/or read external
documents) or to rename the extension. At least there is a not straight forward
process, whihc gives an extra 5picosecond for people to think if it is a virus
or not.
----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org>
Sent: Thursday, 15 January, 2009 3:56:34 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] virus detectors, was where the message originated
At 04:01 14-01-2009, John Levine wrote:
When I catch a virus and the sending IP is one for whom I have a known
contact address, I send off an autoreport with the first 50 lines of
the virus (in case they're wondering what virus it is), and the first
[snip]
Nonetheless, I have problems all the time with my reports being
rejected by poorly written virus filters. In one case they've been
adding me to a virus sending blacklist, telling me that even though
they know I'm not sending viruses, their AV detects it so it must be
my fault. Sheesh.
You also get that kind of reply (if detectors says so, then it must
be true) about spam.
At 01:24 14-01-2009, David Wilson wrote:
I would be surprised if a non-malicious message would fall foul of AV
software unless it contained some kind of executable content. It should
not be surprising that a message with executable content runs into
problems.
The usual document formats (PDFs, .doc, etc) are also scanned for
viruses nowadays. They can fall foul of Anti-virus software. The
report (see first paragraph above) would have helped in identifying
problems if the postmaster actually cared about mail delivery.
Regards,
-sm
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg