Clueless anti-virus products/vendors (was Re: Sober)
Micheal Patterson
micheal at tsgincorporated.com
Wed Dec 7 16:43:05 UTC 2005
----- Original Message -----
From: "Douglas Otis" <dotis at mail-abuse.org>
To: "Todd Vierling" <tv at duh.org>
Cc: "Steven M. Bellovin" <smb at cs.columbia.edu>; "Church, Chuck"
<cchurch at netcogov.com>; <nanog at merit.edu>
Sent: Tuesday, December 06, 2005 6:26 PM
Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
>
>
> On Dec 6, 2005, at 2:15 PM, Todd Vierling wrote:
>>
>> On Tue, 6 Dec 2005, Douglas Otis wrote:
>>>
>>> Holding at the data phase does usually avoid the need for a DSN, but
>>> this
>>> technique may require some added (less than elegant) operations
>>> depending upon
>>> where the scan engine exists within the email stream.
>>
>> Not my problem. I don't need or want, and should not be hammered with,
>> virus "warnings" sent to forged addresses -- ever. They are unsolicited
>> (I didn't request it, and definitely don't want it), bulk (automated
>> upon receipt of viruses by the offending server), e- mail... thus UBE.
>
> I know of no cases where a malware related DSN would be generated by our
> products, nevertheless, DSNs are not Unsolicited Bulk Email.
That's good Doug, and IMHO, your products should never generate them.
However, I will disagree with you concerning the DSN being UBE. As a general
rule, you are correct, DSN's != UBE. However, in the case of av systems
(scanning engine and mta configurations) they can be. While I agree with you
that the scanning engine(s) used by most of us, do not actually send reject
notifications, the mechanisms that employ them, both commercial and open
source, usually can, and do, unless configured not to. Some may see it as a
violation of RFC to not return a DSN on failed delivery. Others, like myself
see the need to not return a failure notice on virus / trojan infected email
as it has become the norm that the sender information is forged. Especially
those systems that contain the infected data along with the message. To many
trojans / viri as of late, the DSN's that include the message (with
infection) are being used as a repeater to further propogate the infection.
Those that release these things are starting to depend on our mechanisms to
help them spread. I, like others, prefer not to help them break the net from
my little piece of it.
--
Mike P.
More information about the NANOG
mailing list