Message-ID: <029b01c36d82$eb0d7690$3501a8c0@MM>
From: listas at istf.com.br (Marcos Machado)
Subject: AV "feature" does more DDoS than Sobig
Yes, Richard... Default ON is a marketing oriented decision.
I use the Amavisd on my mail gateway and it has this option:
#
# Section IV - Notifications, quarantine
#
# Treat envelope sender address as unreliable
# and don't send sender notification if name(s)
# of detected virus(es) match the list. Note that
# virus names are supplied by external virus scanner(s),
# so the virus names may need to be adjusted. See
# README.lookups for syntax.
#
$viruses_that_fake_sender_re = Amavis::Lookup::RE->new(
qr'nimda|hybris|klez|bugbear|yaha|braid'i );
Pretty easy to avoid false-positive notifications. And, of
course, you can set...
$warnvirussender = 0;
...to no notifications at all.
[]s, MM
----- Original Message -----
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "'Fabio Gomes de Souza'" <bugtraq@....com.br>;
<full-disclosure@...ts.netsys.com>; <rms@...puterbytesman.com>
Sent: Thursday, August 28, 2003 10:56 AM
Subject: RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig
When I get one of these false alarm messages about Sobig, I am complaining
to both the company who sent the message and the vendor who supplies the
buggy software. If an anti-virus software package knows that a
particular email virus uses forged return addresses, it shouldn't ever
send out a warning message about an infected email message. If it does
send out a message in this situation, the message will almost surely go
to the wrong person.

Of course, these warning messages are also a form of spam since many of
them contain ads for the anti-virus software package that finds the
infected message.
Richard M. Smith
http://www.ComputerBytesMan.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
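
Added example, not part of the original mail and not amavisd code: a stand-alone Perl check of which scanner verdicts would still produce a sender notification under the list quoted in the message, which does not contain Sobig. The verdict strings, the extended pattern and the notify_sender helper are constructed for illustration, and the helper assumes that one matching virus name is enough to suppress the notification.

```perl
#!/usr/bin/perl
# Added illustration; plain qr// stands in for Amavis::Lookup::RE so the
# script runs without amavisd installed.
use strict;
use warnings;

# The list quoted in the message above.
my $fake_sender_re = qr'nimda|hybris|klez|bugbear|yaha|braid'i;
# Hypothetical extension covering the worm this thread is about.
my $extended_re    = qr'nimda|hybris|klez|bugbear|yaha|braid|sobig'i;

# Constructed scanner verdicts, one array per message. Names follow the
# differing styles scanners use for the same malware.
my @verdicts = (
    [ 'W32/Klez.h@MM' ],
    [ 'Worm.Sobig.F' ],
    [ 'W32/Sobig.f@MM', 'Exploit.IFrame' ],
    [ 'Eicar-Test-Signature' ],
);

# Return 1 if a sender notification would go out, 0 if it is suppressed.
# $warn mirrors $warnvirussender. Assumption: a single matching name marks
# the envelope sender as unreliable.
sub notify_sender {
    my ($names, $re, $warn) = @_;
    return 0 unless $warn;
    for my $name (@$names) {
        return 0 if $name =~ $re;
    }
    return 1;
}

for my $v (@verdicts) {
    printf "%-32s quoted list: %-8s extended: %s\n",
        join(',', @$v),
        notify_sender($v, $fake_sender_re, 1) ? 'NOTIFY' : 'suppress',
        notify_sender($v, $extended_re, 1)    ? 'NOTIFY' : 'suppress';
}
```

Running the same loop over virus names taken from the gateway's own logs shows whether the pattern matches what the installed scanner actually reports, which is the adjustment the configuration comment warns about.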