Clueless anti-virus products/vendors (was Re: Sober)

Micheal Patterson micheal at tsgincorporated.com
Wed Dec 7 16:43:05 UTC 2005
----- Original Message ----- 
From: "Douglas Otis" <dotis at mail-abuse.org>
To: "Todd Vierling" <tv at duh.org>
Cc: "Steven M. Bellovin" <smb at cs.columbia.edu>; "Church, Chuck" 
<cchurch at netcogov.com>; <nanog at merit.edu>
Sent: Tuesday, December 06, 2005 6:26 PM
Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)


>
>
> On Dec 6, 2005, at 2:15 PM, Todd Vierling wrote:
>>
>> On Tue, 6 Dec 2005, Douglas Otis wrote:
>>>
>>> Holding at the data phase does usually avoid the need for a DSN, but this
>>> technique may require some added (less than elegant) operations depending
>>> upon where the scan engine exists within the email stream.
>>
>> Not my problem.  I don't need or want, and should not be hammered with,
>> virus "warnings" sent to forged addresses -- ever.  They are unsolicited
>> (I didn't request it, and definitely don't want it), bulk (automated
>> upon receipt of viruses by the offending server), e-mail... thus UBE.
>
> I know of no cases where a malware-related DSN would be generated by our
> products; nevertheless, DSNs are not Unsolicited Bulk Email.

That's good, Doug, and IMHO your products should never generate them.
However, I will disagree with you concerning the DSN being UBE. As a general
rule, you are correct, DSNs != UBE. However, in the case of AV systems
(scanning engine and MTA configurations) they can be. While I agree with you
that the scanning engine(s) used by most of us do not actually send reject
notifications, the mechanisms that employ them, both commercial and open
source, usually can, and do, unless configured not to. Some may see it as a
violation of RFC to not return a DSN on failed delivery. Others, like myself,
see the need to not return a failure notice on virus- / trojan-infected email,
as it has become the norm that the sender information is forged. Especially
those systems that include the infected data along with the message. For many
trojans / viri as of late, the DSNs that include the message (with
infection) are being used as a repeater to further propagate the infection.
Those that release these things are starting to depend on our mechanisms to
help them spread. I, like others, prefer not to help them break the net from
my little piece of it.

--

Mike P. 
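One defender-side check that follows from the thread's complaint, written as an added example (not code from the post or from any product discussed in it): a "virus warning" delivered to one of our users is backscatter if the copy of the "original" it carries never passed through our own outbound relays. The host names, the DSN and the relay set are constructed for the example.

```python
import email
from email import policy

# Hosts that actually relay our users' outbound mail (constructed names).
OUR_OUTBOUND_HOSTS = {"mx-out.example.net"}

def sample_dsn(relay_host: str) -> bytes:
    """Constructed virus-warning DSN to alice@example.net, with the rejected
    original attached. relay_host is what the original's Received trace names."""
    original = (
        b"Received: from dialup-12.example.com ([192.0.2.77])\n"
        b"    by %s with SMTP; Tue, 6 Dec 2005 18:00:00 +0000\n"
        b"From: alice@example.net\nTo: bob@example.org\nSubject: your document\n"
        b"\n(infected body omitted)\n"
    ) % relay_host.encode()
    return (
        b"From: Mail Delivery System <MAILER-DAEMON@av-gateway.example.org>\n"
        b"To: alice@example.net\n"
        b"Subject: Virus detected in message from you\n"
        b"Content-Type: multipart/report; report-type=delivery-status; boundary=b1\n"
        b"\n--b1\nContent-Type: text/plain\n\n"
        b"Your message contained a virus and was not delivered.\n"
        b"\n--b1\nContent-Type: message/rfc822\n\n" + original + b"\n--b1--\n"
    )

def classify_bounce(raw: bytes, our_hosts=OUR_OUTBOUND_HOSTS) -> str:
    """Return 'not-a-bounce', 'unverifiable', 'legitimate-bounce' or 'backscatter'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    is_report = msg.get_content_type() == "multipart/report"
    from_daemon = "MAILER-DAEMON" in str(msg.get("From", "")).upper()
    if not (is_report or from_daemon):
        return "not-a-bounce"
    # Find the copy of the "original" message the notifier attached.
    original = None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            break
    if original is None:
        return "unverifiable"  # nothing to check the trace against
    # If none of our outbound relays appears in the Received trace, we never
    # sent this message: the sender was forged and the DSN is backscatter.
    trace = " ".join(str(h) for h in original.get_all("Received", []))
    if any(f"by {host}" in trace for host in our_hosts):
        return "legitimate-bounce"
    return "backscatter"

if __name__ == "__main__":
    for host in ("av-gateway.example.org", "mx-out.example.net"):
        print(host, "->", classify_bounce(sample_dsn(host)))
```

The Received substring match is deliberately simple and can itself be forged; a notifier that rejects at the DATA phase, or a sender that tags its own envelope addresses (BATV-style) so unrecognised bounces can be dropped, removes the problem at the source.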



