[Avcheck] messages to the listserv

Piotr Klaban makler+avcheck@man.torun.pl
Thu, 30 Aug 2001 11:24:42 +0200


Hi,

I have a question not related directly to the software,
but to the design. What do you do if the virus is directed
to the LISTSERV or a listserv list (like avcheck)?

Example situation:
My computer sends a virus to the avcheck list.
The AV program running at innominate.org blocks it
and sends information to the avcheck list
that someone is trying to send a virus here.

This is bad, as we have plenty of listserv lists
here, at the University, and many users/computers send
viruses all the time.
The lists are not open to non-subscribers, so the virusmaster
From address is blocked, but what if there were an open
list?
It would be good if some recipients did not get
the virus warning - a type of map db is needed.

There is also the second problem - possible looping (not tested):
-----------------------------------------------------------------

The letter with the virus is bounced to the sender
with the whole virus inside. If there is
a virus checker at the sender's server,
the letter can be banned and loop.

I changed the source of the "infected" program (from avcheck-0.3)
for my internal use and no virus content is
sent to anyone, only the headers (AVP can
save the infected and suspicious mails to tmp/infected
and tmp/suspicious folders). I do not want to argue
whether the sender should receive the whole message or only
the headers. Maybe there is another possibility
- maybe the sender address of the virus warning should
always be empty (MAIL FROM:<>). BTW - I have had some virus
warnings (on the linux with old avcheck) sent to
the sender called MAILER_DAEMON ;-).

And here is a suggestion
------------------------

I have two servers that use avcheck to check messages
in our network for now. Unfortunately many mails are checked
for viruses twice. Should there not be something like
a PGP signature, or something else that can be checked
by the second server - it can then know that the viruses
were checked already.
But ... I do not know if for small letters the PGP
verify phase can be more CPU intensive than the AV check.
Then the PGP signature (it is only an additional header
in pgpverify in usenet news, not additional body text)
could be checked only for mails with attachments etc.

-- 
Piotr Klaban
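
The two problems raised in the message above (warnings landing on lists, and warning/bounce loops) as one notification policy; this is an added example, not code from the post or from avcheck. The function name, the suppression set standing in for the "map db", the robot local-part lists and all addresses are assumptions; `List-Id`, `Precedence` and `Auto-Submitted` are standard mail headers.

```python
from email import message_from_string

# Hypothetical "map db": addresses that must never receive a virus warning.
SUPPRESS = {"avcheck@lists.example.org"}
ROBOTS = {"mailer-daemon", "postmaster", "listserv", "majordomo"}
ROBOT_SUFFIXES = ("-request", "-owner", "-bounces")

# Constructed sample: a blocked message with a placeholder attachment body.
SAMPLE = (
    "From: user@pc.example.edu\r\n"
    "To: friend@example.org\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "PLACEHOLDER-ATTACHMENT-BYTES\r\n"
)

def plan_warning(envelope_from, raw_message, suppress=SUPPRESS):
    """Return None (stay silent) or a dict describing the warning to send."""
    sender = envelope_from.strip().strip("<>").strip().lower()
    if not sender:                      # MAIL FROM:<> is itself a bounce
        return None
    # MAILER_DAEMON and MAILER-DAEMON are treated alike.
    local = sender.split("@", 1)[0].replace("_", "-")
    if sender in suppress or local in ROBOTS or local.endswith(ROBOT_SUFFIXES):
        return None
    msg = message_from_string(raw_message)
    precedence = msg.get("Precedence", "").strip().lower()
    if msg.get("List-Id") or precedence in ("list", "bulk", "junk"):
        return None                     # list traffic: a warning would hit the list
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None                     # never answer another automatic message
    # Quote the headers only, so the warning cannot trip a scanner itself.
    headers_only = raw_message.replace("\r\n", "\n").split("\n\n", 1)[0]
    return {
        "mail_from": "",                # null reverse-path: the warning cannot bounce back
        "rcpt_to": sender,
        "headers": {"Auto-Submitted": "auto-replied"},
        "body": "A message from you was blocked. Its headers:\n\n" + headers_only,
    }
```
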