Clueless anti-virus products/vendors (was Re: Sober)
Christian Kuhtz
kuhtzch at corp.earthlink.net
Mon Dec 5 03:33:18 UTC 2005
Better safe than sorry. Unless you can determine that it isn't
forged, you shouldn't be sending anything because there is so much
out there forging From: addresses (or To: for that matter, with Bcc:).
So, this isn't about ideal vs ok-close-enough. Don't send me crap
unless you have a reasonable level of confidence. I don't believe
that you can pass a straight face test with virus scanning responses
on that one.
If you can, I think you need your head examined ;-)
On Dec 4, 2005, at 10:27 PM, Church, Chuck wrote:
>
> What about all the viruses out there that don't forge addresses?
> Sending a warning message makes sense for these. Unless someone has
> done the research to determine the majority of viruses forge
> addresses,
> you really can't complain about the fact that the default is to warn.
> Calling vendors 'clueless' because a default doesn't match your
> needs is
> a little extreme, don't you think? The ideal solution would be for
> the
> scanning software to send a warning only if the virus detected is
> known
> to use real addresses, otherwise it won't warn.
>
>
> Chuck
>
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On
> Behalf Of
> Todd Vierling
> Sent: Sunday, December 04, 2005 4:53 PM
> To: W.D.McKinney
> Cc: nanog at merit.edu
> Subject: RE: Clueless anti-virus products/vendors (was Re: Sober)
>
>
> On Sun, 4 Dec 2005, W.D.McKinney wrote:
>
>>> (Virus "warnings" to forged addresses are UBE, plain and simple.)
>>
>> Since when? I disagree.
>
> UBE = "unsolicited bulk e-mail".
>
> Which of those three words do[es] not apply to virus "warning"
> backscatter
> to forged envelope/From: addresses? Think carefully before answering.
>
> --
> -- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>
More information about the NANOG
mailing list