Issue 26049

Summary: Install Antivirus Solution on the Mailserver
Product: Infrastructure Reporter: eric_openoffice
Component: Mailing listsAssignee: Unknown <non-migrated>
Status: CLOSED DUPLICATE QA Contact: issues@www <issues>
Severity: Trivial    
Priority: P3 CC: andre.schnabel, issues, lohmaier, lsuarezpotts, maand, pavel, scarr, stx123
Version: currentKeywords: oooqa
Target Milestone: ---   
Hardware: All   
OS: All   
Issue Type: TASK Latest Confirmation in: ---
Developer Difficulty: ---
Description Flags (deleted)
none (deleted)
none (deleted)
Example ProcMail Recipes to remove virus emails from moderates none

Description eric_openoffice 2004-03-02 17:02:16 UTC
Is it possible to install an Antivirus Solution on the Mailserver and let it
check all incomming messages? 

Or at least cut of all Attachments to the Mailinglist. 

Today we had the W32.Netsky.D@mm Virus on the german users mailinglist and this
is no good advertising for us being accused of spreading viruses via our users

More Informations on the virus can be found here
Comment 1 andreschnabel 2004-03-02 18:26:19 UTC
to add a note:
there are some issues dealing with mail filters / attachments
e.g. 943, 1476, 7445

these are set to "resolved later" although currently implemented. 
Comment 2 pavel 2004-03-02 18:54:41 UTC
The same affected Czech mailing lists. Thus we have to moderate them.

See #i26030#.
Comment 3 Unknown 2004-03-04 06:36:55 UTC
As you mentioned there are internal issues which keeps track of the Antivirus 

I have updated the PCN 11771 which is for cut of all Attachments to the Mailinglist.

- Priya
Comment 4 pavel 2004-03-08 10:22:40 UTC
*** Issue 26030 has been marked as a duplicate of this issue. ***
Comment 5 andreschnabel 2004-03-10 21:47:30 UTC
could you please take care about the mailinglist? 
Today We had two virusses delivered to about 500 users.

I did delete them from the archive as I don't want the to be a source for even
more viruses.
Comment 6 Unknown 2004-03-11 06:19:16 UTC
I have updated the internal issue about this and the engineers are working on 
this. Will update here by tomorrow about the update by the engineers.

Thanks for the patience.

- Priya
Comment 7 Unknown 2004-03-24 14:38:36 UTC
Engineers are currently researching on stripping the attachments of certain 
mime types 
will update as soon as it is done

Comment 8 andreschnabel 2004-06-29 18:31:15 UTC
is there any update on this isssue?
Germanophone project's users list ( still continues to
deliver virusses to more than 500 users.

I'll start to attach every virus I've found her on the issue.
Comment 12 lohmaier 2004-07-03 14:12:52 UTC
easiest solution: Strip all non-plaintext attachments

even easier: strip *all* attachments.
Comment 13 stx123 2004-07-06 14:56:55 UTC
I would recommend to add application/x-zip-compressed to the list of stripped
mime types ( see issue 8084 ).
And please check whether attachment stripping is on for the lists
Comment 15 andreschnabel 2004-07-16 20:11:00 UTC is hit by approx 120 virus mails per day, that have to
be rejected by moderators (that means we actually has twice as much virus mails
as valid posts).
I would expect, that this is even worse on global lists.

So even a basic solution would ease our work and lower the traffic. Would be
nice to hear (and see), that something would be done about this issue.
Comment 16 dcarrera 2004-07-18 09:19:10 UTC
Stripping attachments is not enough.  The marketing list is being hit by
thousands of email attachments.  At one point last week they were comming at a
rate of 1 per second.  Stripping attachments does nothing to reduce the volume
of emails the moderators have to go through.

We need to have actual mail filters as well as spam filters.  We can't expect
moderators to keep up with this volume of junk.

How about a bayesian spam filter?  Like spam-assassin for example.  A
properly trained filter will be almost as good as a human at identifying
spam (ie. 99% accurate).  If CollabNet installs SpamAssassin we can then
leave it up to each moderator to decide if she wants to train it and use
it.  But let's at least have that option there.

Comment 17 lsuarezpotts 2004-07-22 19:54:50 UTC
we can strip *all* attachments to dev@marketing but that won't stop the spam sent to the list by 
nonsubscribed persons. It will simply stop attachments getting through by subscribed (or moderated 
through) posters.

We can put in a more sophisticated filter but then Sun must pay for that and file an SOW (Statement of 
Work).  Even then, it would take a while. SourceCast is a big application and ad hoc additions are 
possible but must be tested thoroughly before they are deployed.

More immediately, the moderators can do what I do for the lists to which I am a moderator (a lot): filter 
mail on my own box. The drawback is that I do need for this broadband.  But the filtering works quite 
well (I use Bayesian on my box).
Comment 18 pavel 2004-07-22 23:18:48 UTC
louis: your proposal is quite good. I can confirm that being a moderator of
Czech lists, I'm able to reduce spam by my own spam filters.

I see two solutions without CN being involved (almost ;-):

- redirect MX for to systems that are *outside* CN/SC. Those
systems would do plain spam and antivirus filtering and resent mails to CN's
current MXes for Current MXes will accept mail only from new
spam/AV filtering machines. This is inbound mail from external world. Internal
mails (IZ, ...) would be sent without filtering.

- a modification of this idea: "set all lists as moderated.". Setup this pseudo
moderator on good machine with updated AV and spam-filtering and setup
autoresponder for all messages that are clean (no-spam, no virus) ;-))

Method 2 would be completely without CN.

Comment 19 lsuarezpotts 2004-07-27 06:08:50 UTC
the latest MyDoom has been very unpleasant.  Moderators are complaining that virus mail needs to be 
filtered prior to hitting the moderators' inbox.

brian: what is the schedule on that possibility? Meanwhile, I'll see if an SOW is relevant here.
Comment 20 jacqueline.mcnally 2004-07-27 06:34:33 UTC
*** Issue 31330 has been marked as a duplicate of this issue. ***
Comment 21 scarr 2004-07-27 06:34:50 UTC
I can confirm as well.  By using a simple .procmailrc, I can filter out more
than 99% of my wifes moderates.  Her nick is CLCARR.

I will attach the procmail recipes I am using in a little bit.
Comment 22 scarr 2004-07-27 06:38:15 UTC
Created attachment 16787 [details]
Example ProcMail Recipes to remove virus emails from moderates
Comment 23 scarr 2004-07-27 06:39:42 UTC
The attached Recipe file mabye a little too deep.  If you see a problem with it
let me know.
Comment 24 lsuarezpotts 2004-07-28 03:07:06 UTC
*** Issue 32137 has been marked as a duplicate of this issue. ***
Comment 25 Unknown 2004-10-29 18:04:17 UTC

Can you please verify if this issue can be marked as duplicate of Issue 943?
Comment 26 scarr 2004-10-29 19:22:35 UTC
I thought all Attachments were removed by default, now.

Or was that only Users, and discuss lists?
Comment 27 lsuarezpotts 2004-10-30 18:33:57 UTC
Ani is just going through issues and updating them. Attachments are filtered according to an extensive 
mime type list but this is not done by default. We have to request it.  We would further like for there to 
be a UI feature enabling it.

This issue probably is a duplicate of 943, which does not however point to PCN 11771, which is the 
crucial PCN (CollabNet internal) issue. 943 is marked resolved later.  
I have added 11771 to the status whiteboard of 943.

*** This issue has been marked as a duplicate of 943 ***
Comment 28 stx123 2004-10-31 17:21:07 UTC
For those who read comments on resolved issues... :-)

An Anti-Virus Solution is not the same as attachment stripping. Attachment
stripping is a humble work around to for the problem with virus messages. But
OTH attachment stripping can be useful to keep list volume (in bytes) low and
deserves a usable implementation as requested in 943.

So I don't think this issue is a duplicate to issue 943. But there is issue 1476
requesting virus scanning integrated in SC.
Comment 29 ace_dent 2008-05-17 21:06:13 UTC
The Issue you raised has been marked as 'Resolved' and not updated within the
last 1 year+. I am therefore setting this issue to 'Verified' as the first step
towards Closing it. If you feel this is incorrect, please re-open the issue and
add any comments.

Many thanks,
Cleaning-up and Closing old Issues
~ The Grand Bug Squash, pre v3 ~
Comment 30 ace_dent 2008-05-17 23:08:08 UTC
As per previous posting: Verified -> Closed.
A Closed Issue is a Happy Issue (TM).