Delivered-To: freebsd-security@freebsd.org
From: "Brandon Harper"
Subject: RE: AntiVirus Replies [was: VIRUS IN YOUR MAIL]
Date: Mon, 29 Oct 2001 14:14:25 -0700
In-Reply-To: <20011029194035.B584@straylight.oblivion.bg>

> It all depends on the dosage; I suppose you would not think that
> it would be a good thing for somebody to be able to DoS a list by
> sending a little virus and firing off 250 autoresponders?

I'd have to agree with other people on the list that having an autoresponder is not a bad thing. That said, let it be known I run Amavis + UVScan on my personal server which uses an autoresponder.

Even if every address on a given mailing list were to use an "Infected e-mail" autoresponder, I certainly wouldn't think it would cause a DoS because:

1.) Most e-mail lists only allow authorized addresses to post to a given mailing list. Autoresponses usually come from an administrative specific e-mail address/alias such as postmaster, virus, etc. at a given domain. These messages wouldn't even make it to the list in most cases, thereby not distributing it to the mailing list, filling up /var, etc. Though the server would have to process all of these messages, it wouldn't be a big deal because...

2.) E-mail has a very small performance hit. I won't really elaborate on this one since it's rather obvious. I've worked on some RedHat boxes that weren't anything terribly special handling 100+ messages (both incoming and outgoing) per second with no problems and less than 10% of CPU usage. Obviously the throughput is affected by Procmail filters, virus scanning, speed of the disk subsystem, available bandwidth, speed of DNS lookups, etc., but all are pretty insignificant until you start seeing traffic levels that I don't think autoresponders would ever generate.

FWIW: I help maintain a box for an auto club I'm involved with, and our solution was to set up filters for anything that had attachments, as well as HTML messages (for protection as well as elimination of HTML e-mail annoyance), and I'd think something similar to this is a pretty common practice for most well-maintained mailing lists.

Just my two bits. (hopefully it's considered on-topic for the security list)

- Brandon
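
The posting policy described in the message above (subscriber-only posting, no attachments, no HTML), written out in Python as an added example. It is not part of the original post or any list's actual configuration; the function name, subscriber addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: hypothetical subscriber list; all addresses are constructed.
SUBSCRIBERS = {"alice@example.org", "bob@example.net"}

def list_policy(raw, subscribers=SUBSCRIBERS):
    """Return (accepted, reason) for one raw message addressed to the list."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Point 1: only authorized addresses may post, so an autoresponse sent
    # from postmaster@ or virus@ is dropped before any fan-out happens.
    if sender not in subscribers:
        return False, "sender not subscribed"
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        # Attachment: a filename or an explicit attachment disposition.
        if part.get_filename() or part.get_content_disposition() == "attachment":
            return False, "attachment"
        # HTML (or any other non-plain-text body) is refused as well.
        if part.get_content_type() != "text/plain":
            return False, "not plain text: " + part.get_content_type()
    return True, "ok"

# Constructed sample messages (not taken from the list archive).
PLAIN = "From: Alice <alice@example.org>\nSubject: hello\n\nplain text body\n"
AUTOREPLY = ("From: postmaster@example.com\nSubject: VIRUS IN YOUR MAIL\n\n"
             "An infected message was received.\n")
HTML = ("From: bob@example.net\nSubject: hi\nMIME-Version: 1.0\n"
        "Content-Type: text/html; charset=us-ascii\n\n<p>hi</p>\n")
ATTACH = ("From: bob@example.net\nSubject: file\nMIME-Version: 1.0\n"
          'Content-Type: multipart/mixed; boundary="b1"\n\n'
          "--b1\nContent-Type: text/plain\n\nsee attached\n"
          "--b1\nContent-Type: application/octet-stream\n"
          'Content-Disposition: attachment; filename="x.bin"\n\nAAAA\n'
          "--b1--\n")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("autoreply", AUTOREPLY),
                      ("html", HTML), ("attachment", ATTACH)]:
        print(name, list_policy(raw))
```

The sender check runs first, so the autoresponse is rejected on its From address alone, before any MIME inspection.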