Clueless anti-virus products/vendors (was Re: Sober)

W.D.McKinney dee at akwireless.net
Sat Dec 3 00:45:05 UTC 2005


>-----Original Message-----
>From: Daniel Senie [mailto:dts at senie.com]
>Sent: Friday, December 2, 2005 11:27 AM
>To: nanog at nanog.org
>Subject: Clueless anti-virus products/vendors (was Re: Sober)
>
>
>At 03:12 PM 12/2/2005, Michael Loftis wrote:
>
>
>
>>--On December 2, 2005 2:02:15 PM -0600 Dennis Dayman 
>><dennis at thenose.net> wrote:
>>
>>>
>>>Interested, but I see many Sober postings and outages on other lists and
>>>not here...has anyone been having issues? I know the ISPs are fighting
>>>the living out of the virus.
>>
>>I've been seeing a few really large bursts into our mailserver.  Not 
>>sure if it's a new variant or a reoccurrence of an old strain.  I 
>>put in a good number of new port 25 inbound blocks for infected 
>>systems and attempted to put up a few checks inside of our front end 
>>mail servers rather than in the virus and spam filtering (which 
>>happens later for us, so for bad surges we put a few custom rules up 
>>front early in postfix).
>
>Only stuff we're seeing is a lot of blowback from dumb mail systems 
>that accept email, THEN scan for viruses, and ultimately decide to 
>send a note back to the From: address in the body of the infected 
>email. Since the From: is invariably forged, the uninvolved owner of 
>those forged email addresses gets hammered.
>
>Can people building virus scanning devices PLEASE GET A %^&*^ CLUE? 
>This means you, Barracuda Networks, more than anyone else, but we 
>also see this annoyance from Symantec devices, and from some AOL 
>systems as well.
>

It's a simple switch in the GUI of Barracuda Networks to turn off this annoyance. More operator error than Barracuda's fault, IMHO.

-Dee




>Blasting a note back does two things:
>
>1. It allows the worm or virus author an opportunity to implement an 
>amplified attack on a third party using your filtering systems.
>
>2. The bounce messages mostly include an advertisement for the 
>filtering box's vendor. Get a clue... this is a REALLY negative 
>advertisement for your spam & virus filtering technology. If you 
>can't manage to realize the virus laden email should perhaps be 
>dropped, then it makes your box look poorly designed.
>
>Oh, and please delete the infected file rather than sending that along too.
>
>OK, off my soapbox.
>
>Dan
>
>





