Re: [cobalt-users] RaQ2 - CERT virus rule for sendmail - question
- Subject: Re: [cobalt-users] RaQ2 - CERT virus rule for sendmail - question
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Mon May 8 09:21:35 2000
- Organization: nobaloney.net
Dan wrote:
> > Why not just refuse anything containing VBscript?
> > Is there *any* reason for somebody to send it?
> >
> Nope. That's what FTP is for.
Dan, and everyone else...
I've been following this thread and another, similar but much more
technical thread on "list@xxxxxxxxxxxxxxx".
Censoring email by content is a losing battle. Sooner or later
something will go through, and your customer will be damaged. The
current worm (the general consensus is that it's not really a virus; I
consider it a trojan horse more than anything else, but most professionals
are now calling it a worm) destroys image files. What if the next one
destroys accounting systems, and you somehow let it through?
And your customers didn't take any action because they thought you,
their ISP, were protecting them?
In the United States, case law (at the level of the quite-prestigious
New York State Supreme Court) says if you censor, you become fully
responsible for what goes through.
Nope, after a lot of thought we and a lot of other professional ISPs
have decided to do nothing at all.
I'm on a lot of lists, and my email addresses are published in a lot of
places. And I have a lot of correspondents, including some who are quite
naive. I've gotten only one copy of the "iloveyou" worm so far. I've
kept it for my archives as a text-file; if I ever retire I may have time
to study it and learn from it <smile>. But I haven't filtered it.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205