Better safe than sorry. Unless you can determine that it isn't forged, you shouldn't be sending anything because there is so much out there forging From: addresses (or To: for that matter, with Bcc:). So, this isn't about ideal vs ok-close-enough. Don't send me crap unless you have a reasonable level of confidence. I don't believe that you can pass a straight face test with virus scanning responses on that one. If you can, I think you need your head examined ;-) On Dec 4, 2005, at 10:27 PM, Church, Chuck wrote:
What about all the viruses out there that don't forge addresses? Sending a warning message makes sense for these. Unless someone has done the research to determine the majority of viruses forge addresses, you really can't complain about the fact that the default is to warn. Calling vendors 'clueless' because a default doesn't match your needs is a little extreme, don't you think? The ideal solution would be for the scanning software to send a warning only if the virus detected is known to use real addresses, otherwise it won't warn.
Chuck
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Todd Vierling Sent: Sunday, December 04, 2005 4:53 PM To: W.D.McKinney Cc: nanog@merit.edu Subject: RE: Clueless anti-virus products/vendors (was Re: Sober)
On Sun, 4 Dec 2005, W.D.McKinney wrote:
(Virus "warnings" to forged addresses are UBE, plain and simple.)
Since when? I disagree.
UBE = "unsolicited bulk e-mail".
Which of those three words do[es] not apply to virus "warning" backscatter to forged envelope/From: addresses? Think carefully before answering.
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>