
Re: [Asrg] enough about backscatter

2009-01-16 06:14:55
On Fri, 2009-01-16 at 10:50 +0000, John Levine wrote:
> > Therefore, if you always 5xx messages which are known to contain
> > malicious content, some fraction of those rejections will result in
> > notification messages which are likely to contain that malicious
> > content.
>
> ... and as Chris has told you several times, that fraction has been
> observed to be less than 1/1,000,000, orders of magnitude less than
> the rejections that alert real users to false positives.  So stop.
>
> Perhaps it's time to amend the ASRG charter to exclude easily
> visualized but actually hypothetical threats.  If you disagree that
> they're hypothetical, first you have to go get real data to support
> your claim.

So, just to clarify, you are saying that the view of ASRG is that if an
MTA receives a message which when checked using anti-virus software such
as Sophos or ClamAV (note this, my discussion was not about other
anti-spam techniques) gives a positive, the correct course of action is
to reject the message using a 5xx response?



_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg