[Esd-l] Disable sender notification from local rules

Pierre Etchemaite petchema at concept-micro.com
Mon May 24 07:45:48 PDT 2004


	Hi all,

As we know, these days most viruses use forged sender addresses. While
there's no 100% reliable way to detect forged addresses, and while the "smart
reply" feature of procmail-security gives a reasonable level of both false
positives and false negatives, some notifications can still be avoided when
the author of the message has been recognized to be a known forging virus
(by local rules).

In fact, some recipes of the proposed local rules already disable sender
notification. Why not generalize that mechanism, since most rules would
benefit from it?

I wrote some patches. I used Symantec advisories to check which viruses use
fake sender addresses, and which don't (sadly it's not always very clear in
the advisories). So, no guarantees.

ftp://blade.concept-micro.com/procmail-security/html-trap.procmail.diff
ftp://blade.concept-micro.com/procmail-security/local-rules.procmail.diff

