Clueless anti-virus products/vendors (was Re: Sober)

Christian Kuhtz kuhtzch at corp.earthlink.net
Mon Dec 5 03:33:18 UTC 2005



Better safe than sorry.  Unless you can determine that it isn't  
forged, you shouldn't be sending anything because there is so much  
out there forging From: addresses (or To: for that matter, with Bcc:).

So, this isn't about ideal vs ok-close-enough.  Don't send me crap  
unless you have a reasonable level of confidence.  I don't believe  
that you can pass a straight face test with virus scanning responses  
on that one.

If you can, I think you need your head examined ;-)

On Dec 4, 2005, at 10:27 PM, Church, Chuck wrote:

>
> What about all the viruses out there that don't forge addresses?
> Sending a warning message makes sense for these.  Unless someone has
> done the research to determine the majority of viruses forge  
> addresses,
> you really can't complain about the fact that the default is to warn.
> Calling vendors 'clueless' because a default doesn't match your  
> needs is
> a little extreme, don't you think?  The ideal solution would be for  
> the
> scanning software to send a warning only if the virus detected is  
> known
> to use real addresses, otherwise it won't warn.
>
>
> Chuck
>
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On  
> Behalf Of
> Todd Vierling
> Sent: Sunday, December 04, 2005 4:53 PM
> To: W.D.McKinney
> Cc: nanog at merit.edu
> Subject: RE: Clueless anti-virus products/vendors (was Re: Sober)
>
>
> On Sun, 4 Dec 2005, W.D.McKinney wrote:
>
>>> (Virus "warnings" to forged addresses are UBE, plain and simple.)
>>
>> Since when? I disagree.
>
> UBE = "unsolicited bulk e-mail".
>
> Which of those three words do[es] not apply to virus "warning"
> backscatter
> to forged envelope/From: addresses?  Think carefully before answering.
>
> -- 
> -- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>




More information about the NANOG mailing list