Re: [anti-spam-wg@localhost] Broken AV software

On Thu, Nov 06, 2003 at 10:46:43AM +0100, Patrik Wallstrom wrote:
> I can understand why an administrator wants to notify a virus-infected
> computer that they have been infected by a virus. But since almost all
> new viruses are using faked sender addresses, this is becoming a huge
> problem. When there is a big wave of a new virus, I get a lot of these
> notifications, and I believe that the AV companies are responsible for
> that.

I have talked to our AV vendor and asked them to not only report
the name of the virus but also to add a flag that tells whether the
virus fakes sender addresses (some viri don't ;-). That could be used
by reporting software to not send out sender notifications for viri with
fake senders. The answer was "we'll look into it".

There is an Internet Draft which defines an "Auto-submitted" header
field. I proposed they also add some syntax for antivirus-generated
messages for easier identification, but reactions weren't too
enthusiastic ... so nothing will probably happen, even more so as the
draft is in its final state.
See the thread

Sometimes I have the feeling IETF/IRTF/IESG is getting pretty lame
these days. Lots of things are talked to death but some big companies
make standards (even reverse standards violations) by simply doing
something without long discussions and thumb their noses at IETF/IRTF/IESG
afterwards. But then ... maybe my feelings are only kinda autumn depressions ;-)
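
Added example, not part of the original message: a sketch of the notification gate discussed above, which skips the sender notice when the detected virus is flagged as forging senders or when the inbound mail is itself automatic, and marks any notice it does send with Auto-Submitted. The per-signature flag table, the signature names and the addresses are hypothetical; the Auto-Submitted keywords are those of RFC 3834, the published form of the draft.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Hypothetical per-signature flag of the kind requested from the AV vendor.
# Signature names are constructed placeholders, not real detections.
FORGES_SENDER = {"Example.Worm.A": True, "Example.Macro.B": False}


def is_auto_submitted(msg):
    """True if the message declares itself automatic (anything but 'no')."""
    value = msg.get("Auto-Submitted")
    if value is None:
        return False
    # Drop optional parameters after ';' before comparing the keyword.
    return value.split(";", 1)[0].strip().lower() != "no"


def should_notify_sender(msg, virus_name):
    # Unknown signatures are treated as forging: stay silent when unsure.
    if FORGES_SENDER.get(virus_name, True):
        return False
    # Never answer automatic mail; that is how notification loops start.
    return not is_auto_submitted(msg)


def build_notification(msg, virus_name, postmaster="postmaster@scanner.example"):
    """Return the notice to send, or None if no notice should go out."""
    if not should_notify_sender(msg, virus_name):
        return None
    note = EmailMessage()
    note["From"] = postmaster
    note["To"] = msg["From"]
    note["Subject"] = "Virus found in a message sent from your address"
    note["Auto-Submitted"] = "auto-replied"  # lets other software identify it
    if msg["Message-ID"]:
        note["In-Reply-To"] = msg["Message-ID"]
    note.set_content(f"Our scanner detected {virus_name} in your message.\n")
    return note


def parse(raw):
    return message_from_string(raw, policy=policy.default)


# Constructed sample messages.
HUMAN = ("From: alice@example.org\nTo: bob@example.net\n"
         "Message-ID: <m1@example.org>\nSubject: report\n\nbody\n")
ROBOT = HUMAN.replace("Subject:", "Auto-Submitted: auto-generated\nSubject:")
```
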


