Problem with cyrus and deleting a message with a virus.
mb/cyrus at dcs.qmul.ac.uk
mb/cyrus at dcs.qmul.ac.uk
Wed Jan 22 10:29:06 EST 2003
On Jan 21 Jonathan Marsden wrote:
>> Because (as mentioned elsewhere in this thread) lmtpd is not the
>> only way messages can be stored on an IMAP server: eg think of
>> sending a poisoned attachment, which magically ends up in your sent
>> folder.
>
>I don't see the 'elsewhere in this thread' mail yet, but anyway:
>
>This is technically correct.
>
>(a) That 'poisoned attachment' came from somewhere -- where? If from
Irrelevant question. The fact that it could happen is enough. I can't stop
my users going to someone's computer (which has no virus protection) and
connecting to my IMAP server. I have students who will no doubt use the
IMAP server as a filestore when they run out of quota on the fileserver.
>(b) That attachment in the IMAP Sent folder can't exactly do much
>damage from there... it can't be sent to anyone, since the outgoing
Imagine my answer to (a) but in reverse.
[snip]
>Just because your chosen scanner apparently does not respect this
>principle in its current (default?) configuration, does not mean the
>problem lies with Cyrus :-)
..and, conversely, you can't say your IMAP server is free from viruses
because you blindly trust your users not to do silly things.
More information about the Info-cyrus
mailing list