Re: per user post-data rejects, Processing after the end of DATA
2010-08-12 23:53:49
John Levine wrote:
>> "Spam" filters might include virus scanning, too, and the false
>> positive rates on virus scanning have gotten totally out of hand in
>> the past year or so.
>
> I believe you, but what kind of AV is going to decide it's a virus for
> one recipient but not for the other?

An AV that's configured with different rules for different recipients.
Unlikely in firewall/appliance or in a departmental MTA; painfully
common in hosted / cloud computing.
For example, a hosted security suite might use multiple AV engines, some
of which work in real time and others that require offline processing.
The real time filter is more prone to false positives, but can reject at
the SMTP layer. The offline one is more accurate, but is noticeably
slower, has lower privacy guaranties, and must deliver to quarantine
(cannot reject, must not NDN).
So: the customer decides that for those users that require strict
privacy or that are stupid enough to hurt themselves by delivering a
live virus from quarantine, get the real-time filter. The more
sophisticated users get the better filter, particularly if they've been
incentivized to use it because it generates signatures that can improve
the accuracy of the real-time filter.
If I could have coded the above, I would have. But I couldn't figure out
a way to make it work. Compromise: put everything in quarantine, but
only allow users with administrative privileges the ability to deliver
from quarantine.
Actually, cloud computing is going to be weighing more and more on these
issues.
IMHO, users stupid enough to download and run a self-extracting zip that
was flagged in Large, Unfriendly Letters as malware deserve what they
get. But I get paid to not think that way. ;-)
<csg>
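
An added illustration, not part of the original message and not the poster's code: SMTP returns one reply after the end of DATA that covers every accepted recipient, so the per-user policy described above conflicts as soon as a flagged message has recipients on both filters. The policy names, reply strings and disposition labels are assumptions, and the mixed case falls back to the quarantine-everything compromise mentioned in the message.

```python
from dataclasses import dataclass

# Per-recipient filter choice (constant names are assumptions for this sketch).
REALTIME, OFFLINE = "realtime", "offline"

@dataclass
class Decision:
    smtp_reply: str     # the single reply sent after end of DATA
    dispositions: dict  # recipient -> what happens to that recipient's copy
    conflict: bool      # True when no single reply fits every recipient's policy

def post_data_decision(policies, realtime_flagged):
    """policies maps each accepted RCPT TO address to REALTIME or OFFLINE.
    realtime_flagged is the verdict of the fast engine, available in-session."""
    if not realtime_flagged:
        # Fast engine saw nothing: accept. Offline users still get the slow scan.
        disp = {r: "deliver" if p == REALTIME else "offline-scan"
                for r, p in policies.items()}
        return Decision("250 OK", disp, False)
    kinds = set(policies.values())
    if kinds == {REALTIME}:
        # Everyone wants SMTP-time rejection, so one 5xx reply suits all.
        return Decision("550 rejected by content filter",
                        {r: "rejected" for r in policies}, False)
    if kinds == {OFFLINE}:
        # The offline path cannot reject and must not NDN: accept, scan later.
        return Decision("250 OK", {r: "offline-scan" for r in policies}, False)
    # Mixed recipients: a 5xx would deny offline users a message that may be a
    # false positive, and a 250 leaves no later way to refuse it for real-time
    # users without an NDN. Fall back to accept and quarantine for everybody.
    return Decision("250 OK", {r: "quarantine" for r in policies}, True)

if __name__ == "__main__":
    # Constructed sample: one flagged message, two recipients, two policies.
    sample = {"strict@example.test": REALTIME, "analyst@example.test": OFFLINE}
    print(post_data_decision(sample, realtime_flagged=True))
```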