In message <B6621ED4D0AD394BBA73CA657DFD8976869630@MSPEXBE01.wamnet.inc>, "Church, Chuck" writes:
What about all the viruses out there that don't forge addresses? Sending a warning message makes sense for these. Unless someone has done the research to determine the majority of viruses forge addresses, you really can't complain about the fact that the default is to warn. Calling vendors 'clueless' because a default doesn't match your needs is a little extreme, don't you think? The ideal solution would be for the scanning software to send a warning only if the virus detected is known to use real addresses, otherwise it won't warn.
A-V companies are in the business of analyzing viruses. They should *know* how a particular virus behaves.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb