[87124] in North American Network Operators' Group


Re: Clueless anti-virus products/vendors (was Re: Sober)

daemon@ATHENA.MIT.EDU (Christian Kuhtz)
Sun Dec 4 22:35:38 2005

In-Reply-To: <B6621ED4D0AD394BBA73CA657DFD8976869630@MSPEXBE01.wamnet.inc>
Cc: <nanog@merit.edu>
From: Christian Kuhtz <kuhtzch@corp.earthlink.net>
Date: Sun, 4 Dec 2005 22:33:18 -0500
To: "Church, Chuck" <cchurch@netcogov.com>
Errors-To: owner-nanog@merit.edu



Better safe than sorry.  Unless you can determine that it isn't  
forged, you shouldn't be sending anything because there is so much  
out there forging From: addresses (or To: for that matter, with Bcc:).

So, this isn't about ideal vs ok-close-enough.  Don't send me crap  
unless you have a reasonable level of confidence.  I don't believe  
that you can pass a straight face test with virus scanning responses  
on that one.

If you can, I think you need your head examined ;-)

On Dec 4, 2005, at 10:27 PM, Church, Chuck wrote:

>
> What about all the viruses out there that don't forge addresses?
> Sending a warning message makes sense for these.  Unless someone has
> done the research to determine the majority of viruses forge addresses,
> you really can't complain about the fact that the default is to warn.
> Calling vendors 'clueless' because a default doesn't match your needs is
> a little extreme, don't you think?  The ideal solution would be for the
> scanning software to send a warning only if the virus detected is known
> to use real addresses, otherwise it won't warn.
>
>
> Chuck
>
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Todd Vierling
> Sent: Sunday, December 04, 2005 4:53 PM
> To: W.D.McKinney
> Cc: nanog@merit.edu
> Subject: RE: Clueless anti-virus products/vendors (was Re: Sober)
>
>
> On Sun, 4 Dec 2005, W.D.McKinney wrote:
>
>>> (Virus "warnings" to forged addresses are UBE, plain and simple.)
>>
>> Since when? I disagree.
>
> UBE = "unsolicited bulk e-mail".
>
> Which of those three words do[es] not apply to virus "warning" backscatter
> to forged envelope/From: addresses?  Think carefully before answering.
>
> -- 
> -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>

