anomy-list

RE: Re: Re: swen virus

From: Brent Kennedy (95779@xyz.molar.is)
Date: Mon 06 Oct 2003 - 01:39:26 GMT

  • Next message: Systems Administrator: "RE: Re: Re: swen virus"

    The bad address would be my fault.. I am responding via the web interface.
    Sometimes I type to fast and double key letters :P

    I agree that it wouldn't work for outgoing, but maybe you could setup a
    central quarantine for outgoing and have someone there look at it when
    something gets nabbed.. you could then, depending on what happened, be
    proactive in letting the customer know they have a virus or whatnot. Maybe
    have it send a message back to the sender that their mail had been held
    because of (fill in the blank). Or you could just scan outgoing, if nothing
    found, just let it pass. Atleast you are stopping it before it wastes
    bandwidth.

    I come from the angle of: the less I have to do, the better. meaning less
    admin overhead, but it all depends on how much this is worth to you and how
    much of a problem it really is. I personally would just scan outgoing and
    have notices setup to notify the user of virus activity.

    Its too bad that no one has a way to detect virus like activity, say the
    same attachment to 15+ people all at once shortly after the person pulled
    down their email. That would be REALLY nifty in finding and eliminating new
    threats as well as saving bandwidth.

    Me being the US, I tend to forget about bandwidth limitations on my end
    because I don't pay for a certain amount per month.

    -----Original Message-----
    From: Systems Administrator [mailto:95819@xyz.molar.is]
    Sent: Sunday, October 05, 2003 9:19 PM
    To: Brent Kennedy
    Cc: 95860@xyz.molar.is
    Subject: Re: [anomy-list]: Re: Re: swen virus

    On Mon, 6 Oct 2003, Brent Kennedy wrote:

    > Well, what about the quarantine option, force filtering for every
    > users(spam and attachment), but have a quarantine setup for each
    > individual user that deletes at every so often (either set by user or
    > global). That way, they get what they want, but are not exposed, unless
    > they choose to be, to the quarantine. You could set that up thru
    > webmail only. That way you can avoid all the bad attachments and
    > worries about clients accidentally setting stuff off. But they will
    > still be able to get the email they are missing.

            Yeah, I guess that's what I'm looking at long term. I just hadn't
    thought of it as a quarantine. Excuse my stupidity. Only thing that
    doesn't work for is outgoing :).

            Incidentally, I got the following last time I replied to you:

    -----
                               UNDELIVERABLE MAIL

    Your message to the following recipients cannot be delivered:

    <95910@xyz.molar.is>:
    <<< No such domain.
    -----

            However, the mailing list seems to be getting through to you OK.
    Just thought since I was sending to the list anyway, I'd mention this.

    --
    Tim Nelson
    Systems Administrator
    Sunet Internet
    Tel: +61 3 5241 1155
    Fax: +61 3 5241 6187
    Web: http://www.sunet.com.au/
    Email: 95819@xyz.molar.is
    



    hosted by molar.is