Re: AV/Spam Alert response messages

From: Alun Jones (alun_at_TEXIS.COM)
Date: 08/21/03

    Date:         Thu, 21 Aug 2003 10:48:28 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    > -----Original Message-----
    > From: Windows NTBugtraq Mailing List
    > [mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Russ
    > Sent: Thursday, August 21, 2003 10:33 AM
    >
    > In this day and age where most virus infected emails are
    > coming from spoofed email addresses, do you really think it's
    > prudent to have your AV gateways configured to automatically
    > send notices? Marc Maiffret's email generated over 100
    > automatic responses to the list address, most copied to
    > Marc's address also, and no doubt many more simply returned a
    > warning to Marc's address only.

    I hear what you're saying, particularly in regard to SoBig.F, and with that
    in mind, I'd like to add that this should go beyond system administrators
    setting options to not send out warnings. This should be a hard-coded
    thing. If the software should detect a known virus, it should not send any
    email to the alleged sender unless the virus is known to use the infected
    person's email account for all outgoing messages.

    Part of my job is to send software that my customers have ordered to them.
    Most of these customers request that I send it through email. Of course,
    the software includes an executable or two, and I'm careful to encrypt and
    zip these. One of the big problems I face is that some customers will call
    me back a month after I send the software, and they'll say "where's my
    software?", and I'll reply "we shipped it a month ago, and there were no
    errors reported". After a little exchange that can often be quite rude on
    the customer's behalf, we establish that his mail server must have deleted
    it because, as we all know, most viruses spread by the use of encrypted zip
    files </sarcasm>

    So, there's a valid need to notify someone - either the recipient, or the
    sender, or someone who can analyse the email in question and make a good
    determination. But in the case of a known and identified virus, especially
    where the virus is known to forge "From" addresses, email should not be sent
    to the "From" address. If you must send an email somewhere, send it to the
    recipient.

    I've spent part of this morning arguing with a "tech support" representative
    for an antivirus company, who has been telling me all morning that his
    software includes a setting for the system administrator to tell the scanner
    to "send a message to the sender and recipient of the virus" (his words, not
    mine), and I've been trying to persuade him that this option is not doing
    what it is supposed to be doing, it's doubling the fun on the behalf of the
    virus writer.

    If list managers are told "don't send email unless you know the recipient is
    the person who claimed to opt in to the list", then shouldn't this also be
    true of virus scanners? Don't send email unless you know the recipient is
    the infected party.

    Alun.
    ~~~~

    --
    Texas Imperial Software   | Find us at http://www.wftpd.com or email
    1602 Harvest Moon Place   | alun@texis.com.
    Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
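
The notification rule argued for in the message above, as an added example that is not part of the original post or of any antivirus product: a gateway-side function that decides who is warned about a blocked message. The function names, the `USES_REAL_ACCOUNT` allowlist, the family labels and the sample message are assumptions made for illustration, and the list and auto-responder header checks go one step beyond the post to cover the replies-to-the-list case in the quoted text.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: labels for families known to mail only from the infected
# user's real account. Any other detected virus never notifies "From".
USES_REAL_ACCOUNT = {"Constructed.RealAccountWorm"}  # constructed label

def is_list_or_auto(msg):
    """True when the message arrived via a mailing list or an auto-responder."""
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return True
    if msg.get("Precedence", "").strip().lower() in {"list", "bulk", "junk"}:
        return True
    return msg.get("Auto-Submitted", "no").strip().lower() != "no"

def notification_targets(raw, envelope_rcpts, detection, local_domains):
    """Addresses to warn about a blocked message.

    detection: scanner's family label, or None when the message was blocked
    by policy alone (e.g. an encrypted zip the scanner could not open).
    """
    msg = message_from_string(raw)
    # Local envelope recipients are the only parties known to be real.
    targets = [r for r in envelope_rcpts
               if r.rsplit("@", 1)[-1].lower() in local_domains]
    sender = parseaddr(msg.get("From", ""))[1]
    if not sender or is_list_or_auto(msg):
        return targets  # never auto-reply to list traffic or to a robot
    if detection is not None and detection not in USES_REAL_ACCOUNT:
        return targets  # identified virus: treat "From" as forged
    if sender not in targets:
        targets.append(sender)  # policy block or real-account family
    return targets

# Constructed sample: a worm message with a forged "From" header.
SAMPLE = (
    "From: victim@forged.example\n"
    "To: bob@corp.example\n"
    "Subject: Re: Details\n\n"
    "See the attached file for details\n"
)

if __name__ == "__main__":
    print(notification_targets(SAMPLE, ["bob@corp.example"], "SoBig.F",
                               {"corp.example"}))
```
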
