Clueless anti-virus products/vendors (was Re: Sober)

• Previous message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Next message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Dec 4, 2005, at 8:04 PM, Steven M. Bellovin wrote:

>  "Church, Chuck" writes:
>>
>> The ideal solution would be for the scanning software to send a  
>> warning only if the virus detected is known to use real addresses,  
>> otherwise it won't warn.
>
> A-V companies are in the business of analyzing viruses.  They  
> should *know* how a particular virus behaves.

It is common to find detailed descriptions offered by the company  
that indicates the behavior of the detected virus, which often  
includes spoofing the bounce-address.  A less than elegant solution  
as an alternative to deleting the message, is to hold the data phase  
pending the scan.  Another solution would be not returning message  
content within a DSN.  This would mitigate the distribution of  
viruses, as well as forged bounce-addresses sent to a backup MTAs as  
a method for bypassing black-hole lists.  Would changing what is  
returned within a DSN in all cases be a solution?

-Doug

• Previous message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Next message (by thread): Clueless anti-virus products/vendors (was Re: Sober)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]