Clueless anti-virus products/vendors (was Re: Sober)

Daniel Senie dts at senie.com
Mon Dec 5 06:24:52 UTC 2005


At 10:27 PM 12/4/2005, Church, Chuck wrote:

>What about all the viruses out there that don't forge addresses?

As others have noted, these are so far lost in the noise as to not be a factor.

>Sending a warning message makes sense for these.

Why? Because you need to be the one to tell the sender they are 
infected? Let sites patrol their own users.

Furthermore, if you did your virus scanning during the SMTP 
transaction, you'd be able to send back a 5xx error response during 
the transaction, thereby avoiding any concern about spamming an 
innocent third party.

>   Unless someone has
>done the research to determine the majority of viruses forge addresses,
>you really can't complain about the fact that the default is to warn.

As others have noted, the vendors can and should know.

>Calling vendors 'clueless' because a default doesn't match your needs

Excuse me, I think you may notice that a LOT of folks have piped up 
on this issue. The simple fact is, as configured, many vendors spam 
third parties, adding to the noise floor. While backbone operators 
might in fact make a bit extra as a result, those of us who actually 
pay for bandwidth do not appreciate it. We certainly can and do 
blacklist sites that hammer us with bogus bounces, just the same as 
we'd block any company knowingly sending us undesired email.

>  is
>a little extreme, don't you think?  The ideal solution would be for the
>scanning software to send a warning only if the virus detected is known
>to use real addresses, otherwise it won't warn.

See question above, re: why do you think it's your systems' place to 
police the rest of the Internet, sending warnings out? Either reject 
virus-laden email during the SMTP session, or quietly own it (and 
dispose of it).



>Chuck
>
>
>-----Original Message-----
>From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
>Todd Vierling
>Sent: Sunday, December 04, 2005 4:53 PM
>To: W.D.McKinney
>Cc: nanog at merit.edu
>Subject: RE: Clueless anti-virus products/vendors (was Re: Sober)
>
>
>On Sun, 4 Dec 2005, W.D.McKinney wrote:
>
> > > (Virus "warnings" to forged addresses are UBE, plain and simple.)
> >
> > Since when? I disagree.
>
>UBE = "unsolicited bulk e-mail".
>
>Which of those three words do[es] not apply to virus "warning"
>backscatter
>to forged envelope/From: addresses?  Think carefully before answering.
>
>--
>-- Todd Vierling <tv at duh.org> <tv at pobox.com> <todd at vierling.name>
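
Added example, not part of the original post: a minimal server-side SMTP state machine contrasting the two policies argued over in this message, rejecting at end-of-DATA with a 5xx versus accepting and then "warning" the envelope sender. The signature string, host names and addresses are constructed, and `scan` is a hypothetical stand-in for a real scanning engine.

```python
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for an AV match

def scan(body):  # hypothetical scanner hook
    return SIGNATURE in body

class Session:
    """Server side of one SMTP transaction, fed one line at a time."""
    def __init__(self, reject_in_session):
        self.reject_in_session = reject_in_session
        self.sender, self.rcpts, self.body = None, [], []
        self.in_data, self.outbound = False, []  # outbound: mail we originate

    def feed(self, line):
        if self.in_data:
            if line != b".":
                self.body.append(line)
                return None
            self.in_data = False
            return self.end_of_data()
        verb = line.upper()
        if verb.startswith((b"HELO", b"EHLO")):
            return "250 mx.example"
        if verb.startswith(b"MAIL FROM:"):
            self.sender = line[10:].strip(b" <>").decode()
            return "250 2.1.0 OK"
        if verb.startswith(b"RCPT TO:") and self.sender is not None:
            self.rcpts.append(line[8:].strip(b" <>").decode())
            return "250 2.1.5 OK"
        if verb == b"DATA" and self.rcpts:
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "503 5.5.1 Bad sequence of commands"

    def end_of_data(self):
        if not scan(b"\n".join(self.body)):
            return "250 2.0.0 Queued"
        if self.reject_in_session:
            return "554 5.7.1 Message rejected: malware detected"
        # Accept, then "warn" the envelope sender, which the worm forged.
        self.outbound.append(self.sender)
        return "250 2.0.0 Queued"

def run(lines, reject_in_session):
    s = Session(reject_in_session)
    replies = [r for r in (s.feed(l) for l in lines) if r]
    return replies[-1], s.outbound

# Constructed session: an infected host sending with a forged envelope sender.
INFECTED = [b"HELO infected-pc.example", b"MAIL FROM:<victim@thirdparty.example>",
            b"RCPT TO:<user@mx.example>", b"DATA", b"Subject: hi", b"", SIGNATURE, b"."]
```

With `reject_in_session=True` the only party told about the detection is the connecting client, and `outbound` stays empty; with `False` the server originates mail to the forged address.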
