RE: AntiVirus Replies [was: VIRUS IN YOUR MAIL]

From: Brandon Harper (lists-inet@booms.net)
Date: 10/29/01


From: "Brandon Harper" <lists-inet@booms.net>
To: <freebsd-security@freebsd.org>
Date: Mon, 29 Oct 2001 14:14:25 -0700


>
> It all depends on the dosage; I suppose you would not think that
> it would be a good thing for somebody to be able to DoS a list by
> sending a little virus and firing off 250 autoresponders?
>

I'd have to agree with other people on the list that having an autoresponder
is not a bad thing. That said, let it be known I run Amavis + UVScan on my
personal server which uses an autoresponder.

Even if every address on a given mailing list were to use an "Infected
e-mail" autoresponder, I certainly wouldn't think it would cause a DOS
because:

1.) Most e-mail lists only allow authorized addresses to post to a given
mailing list. Autoresponses usually come from an administrative specific
e-mail address/alias such as postmaster, virus, etc. at a given domain.
These messages wouldn't even make it to the list in most cases, thereby not
distributing it to the mailing list, filling up /var, etc. Though the
server would have to process all of these messages, it wouldn't be a big
deal because...

2.) E-mail has a very small performance hit. I won't really elaborate on this
one since it's rather obvious. I've worked on some RedHat boxes that weren't
anything terribly special handling 100+ messages (both incoming and
outgoing) per second with no problems and less than 10% of CPU usage.
Obviously the throughput is affected by Procmail filters, virus scanning,
speed of the disk subsystem, available bandwidth, speed of DNS lookups,
etc., but all are pretty insignificant until you start seeing traffic levels
that I don't think autoresponders would ever generate.

FWIW: I help maintain a box for an auto club I'm involved with, and our
solution was to set up filters for anything that had attachments, as well as
HTML messages (for protection as well as elimination of HTML e-mail
annoyance), and I'd think something similar to this is a pretty common
practice for most well-maintained mailing lists.

Just my two bits. (Hopefully it's considered on-topic for the security list.)

- Brandon
