[vox-tech] the answer to all my virus problems

Ken Bloom vox-tech@lists.lugod.org
Sun, 21 Sep 2003 01:57:08 -0700


--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; Format=Flowed; DelSp=Yes; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


On 2003.09.20 22:10, p@dirac.org wrote:
> On Sat 20 Sep 03,  9:20 PM, Ken Bloom <kabloom@ucdavis.edu> said:
[Snip older quotings]
> > Umm, please consider the golden rule when sending reject messages.
> > Do not unto others as you would not want done unto you.
> > This can go two ways though because you might not want your legit
> > messages silently dropped. You be the judge.
>=20
> umm, there must be some kind of confusion here.
>=20
> these messages aren't silently dropped.  they're rejected.  there's a
> big difference...
>=20
> that's why they're called "reject messages".    :-)
>=20
> pete

I'll clarify. Do not unto others as you would not want done unto you,
There are two situations I specifically had in mind here. I only wrote =20
one out and it was kind of confusing, so I appologize for that.

(a) Supposing a Klez-like virus got dropped by this filter: you would     =
=20
send out a rejection message to the wrong sender - and I know you've =20
all been trying to rig your mailers to ignore these rejection messages =20
(Bill Kendrick mentioned wanting to do this earlier in the thread). =20
Hence, do not unto others as you would not want done unto you.

I thought (a) was fairly obvious, but I guess not.

(b) Supposing you decided to spare others from being falsely accused of =20
sending viruses. You would decide then to silently drop all incoming =20
exe attachments. Supposing one of your messages to someone else were to =20
match the pattern. I assume because you all use Linux that that message =20
would have some useful content in it, not spam and not (heaven forbid) =20
a virus. You would not want that message silently dropped because it =20
has useful information in it. Hence, you need to consider in this case =20
also: do not unto others as you would not want done unto you.

I think silently dropping .exe messages is probably a better solution, =20
because false positives for .exe messages are going to be extremely =20
rare (especially since you use Linux), but sending reject messages to =20
innocent parties will happen fairly frequently. (Unless I'm =20
misunderstanding how our mail system sends reject messages)

--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 6/10/2003. If you use GPG, *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA/bWfklHapveKyytERAph2AJ91AXVeXfb3m12AIZDq6WAdeka3xACfQUur
Y5zU+L1Ekmhq6DikFGLhwl4=
=VFcS
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--