Re: [xml] Virus Emails

[Igor Zlatkovic <igor zlatkovic com>]

Paul Robert Hayes wrote:
> I, too, am concerned about the longer term growing virus problems 
> because I am seeing them from other list servers besides XML.
>
> What virus protection software is used on the servers?  Any?  Or is it 
> just filters for headers, etc.  Is this something that GNU should, 
> could,would provide as a service?  Are the opensource (A slew are listed

GNU (I assume you mean FSF) has obviously nothing to do with lists on 
gnome.org. It is a different gang.

> on freshmeat.net) virus protections or commercial (Sophos, et cetera) 
> being utilized on the server?  What is gnome.org's direction in 
> implementing longer term solutions to virus protection?  I think having 
> a slew of useless emails coming from the @gnome.org doesn't look good 
> (even if it is not their fault).  Yes, I know there are no solutions 
> contained herein, however perhaps we could talk through to a solution 
> workable for everyone (well most people).

A MTA responsible for this mailing list is likely responsible for other 
gnome.org mailing lists. I doubt that this list is treated in any 
special way. The setup of that MTA, or it's use of virus scanners, is 
better discussed elsewhere. That not because it is off-topic, it does 
concern us all, but because all gnome.org lists are equally involved. 
That other place, that "elsewhere", is where administrators of those 
mail servers can hear you. There will be more information there.

Just don't ask me where that place is. ;-)

> Some of these questions perhaps should not even be considered in the 
> open email forum.  However, a smaller group may be able to address the 
> problems and help Daniel Veillard out.

The best way to help Daniel is to take care of yourself. If he knows 
that his subscribers have secured themselves, then he doesn't need to 
worry about being blamed for someone's grief.

Everyone must realise that mailing lists are not a secure medium. The 
subscription system fights spam successfully, but has little chance 
against self-spreading worms. Because it was never designed for a battle 
against its own subscribers.

The excellent Bruce Schneier's "Applied Cryptography" was for 
professionals with high security demands at the time it was written. 
Today it seems our ten year old kids must study its security aspects 
before they can play with the home computer without suffering damage 
from the faceless.

Simply put, protect yourself. Build your walls, but never believe you 
are safe. Rather assume that your walls will fall sooner or later and 
take care to detect the breach and minimise the damage. With that, not 
to mention your own benefit, you will give Daniel and every other list 
maintainer more help than they ever hoped for.

That being said, I would gladly address the problems and discuss about 
the ways to make the list traffic more secure. I have some ideas, even 
if they are a bit radical. But I do think this duscussion should not be 
held on this mailing list.

Ciao,
Igor