Bugtraq mailing list archives
Re: RFC: virus handling
From: "Pavel Levshin" <flicker () mariinsky ru>
Date: Thu, 29 Jan 2004 23:39:19 +0300
Hello, Thomas! You wrote to <bugtraq () securityfocus com> on Wed, 28 Jan 2004 16:45:39 +0100: TZ> 1.1.) Configuration TZ> Unless the virus scanner provides special handling for worms and virii TZ> which knowingly use a faked sender address it should not send out TZ> notification messages unless the administrator has been warned that TZ> these notification messages may not reach the intended recipient and TZ> has still enabled this feature. Antivirus software MAY be configured to send notifications to local senders and/or recipients, i.e. to domains which are handled by this server. Antivirus filtering software SHOULD NOT be configured to send out notifications to senders or recipients other than local, unless it distinguishes between faked and real addresses. I know many administrators who do not care of a few thousands antivirus reports per day. No "warnings" are accepted. I would like to have some RFC which disallows such behaviour, so I could send them all to RFC-ignorant BL. TZ> 1.2.1.) Standardization TZ> To allow filtering of these messages they should always carry the text TZ> 'possible virus found' in the subject optionally extended by the name TZ> of the virus or the test conducted (eg. heuristics). It is unfair in relation to other languages. Many users do not read in English, and Subject is supposed to be human-readable field. This information could have standard form in other header. TZ> 3.1.2.) e-mail Alias and Web-Interface TZ> Additionally providers should provide e-mail aliases for the IP TZ> addresses of their customers (eg. customer at 127.0.0.1 can be reached TZ> via 127.0.0.1 () provider com) or a web interface with similiar TZ> functionality. The latter should be provided when dynamically assigned TZ> IP addresses are used for which an additional timestamp is required. It tends to be non-standard interface, which is very hard to find and use. With best regards, Pavel Levshin. E-mail: flicker () mariinsky ru
Current thread:
- Re: RFC: virus handling 3APA3A (Feb 02)
- getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Gadi Evron (Feb 03)
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] James A. Thornton (Feb 04)
- Re: getting rid of outbreaks and spam (junk) James Riden (Feb 04)
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] der Mouse (Feb 05)
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Georg Schwarz (Feb 06)
- <Possible follow-ups>
- Re: RFC: virus handling Sascha Wilde (Feb 02)
- Re: RFC: virus handling Pavel Levshin (Feb 02)
- Re: RFC: virus handling David F. Skoll (Feb 03)
- Re: RFC: virus handling Jeremy Mates (Feb 02)
- Hysterical first technical alert from US-CERT Larry Seltzer (Feb 03)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 04)
- RE: Hysterical first technical alert from US-CERT Larry Seltzer (Feb 05)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 04)
- Re: Hysterical first technical alert from US-CERT Stephen Samuel (Feb 06)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 06)
- Re: Hysterical first technical alert from US-CERT Shawn McMahon (Feb 10)
- Hysterical first technical alert from US-CERT Larry Seltzer (Feb 03)
- getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling] Gadi Evron (Feb 03)
- Re: Hysterical first technical alert from US-CERT Philip Rowlands (Feb 05)