Is virus scanning interception?

[Ian G Batten]

On Wed, 17 Jul 2002, Peter Fairbrother wrote:

> Charles Lindsey wrote:
> [...]
> >> 
> >> The test is if he does one of the acts in s2(3) in order to be able to look
> >> at it. He doesn't have to actually look at it for it to be an offence.
> > 
> > Then you are asking for his "intent" when setting up the virus scan (the
> > law is quite used to considering "intent" when the necessity arises).
> > In the scenario I quoted, his intent was merely that the message be
> > deposited in one or other of the boxes until the recipient took some
> > action. He had no plans to read it. So on that basis there was no
> > interception.
> 
> 
> The Act says "so" [do some thing] "as to" make available. IANAL, interpret
> as you like. 
> 
> However, I believe running the virus scan would make content available to
> the person who ran it.

Where would that leave backup MX records?  My private domain has,
because of where it's hosted, a backup MX pointing at a large
organisation's front-of-house mailer.  If my machine is inaccessible,
the mail sits in their queue until it is.  Are they intercepting my
mail?  After all, the virus quarantine directory is no more or less
secure than than /var/spool/mqueue (OK, they run Exim, but you know what
I mean).

Taking this point further, I presume you'd hold that any ISP which
transparently proxies SMTP, so that a customer who types ``telnet
some.external.dom.ain 25'' will always end up on the ISP's mail system
is conducting interception?  This trick also allows them to log traffic
data which would not otherwise be (practically) accessible.  This
scenario I have always felt to be much iffier, so here I may be inclined
to agree with you.

ian