Bugtraq mailing list archives
Re: RFC: virus handling
From: "James C. Slora Jr." <Jim.Slora () phra com>
Date: Tue, 3 Feb 2004 06:11:25 -0500
Craig Morrison wrote Wednesday, January 28, 2004 4:26 PM
Shut off notifications.
Yup. Standardizing notifications according to some new RFC would accomplish: 1. Providing another standard message format for socially engineering virus deliveries. 2. Adding yet another format for notifications - no such RFC would be universally adopted. 3. Feeding us geeks more useless esoterica to discuss indignantly on the lists - should noncompliant notifications be a new classification for rfc-ignorant blacklisting? 4. Continuing bombardment by enough mistaken and virus-faked notifications to make all notifications worse than useless. 5. Continuing possibilities for using MTA event-handling automation as a virus distribution vehicle. Possibilities would be more limited, but they would not be eliminated. 6. It would make it easier to filter the notifications, as the original poster intended. But I would rather not get them at all when most of them are mistaken automated notifications. Dealing with misaddressed mail and incoming infections is boring and costly. But automated NDRs and virus notifications just spread a larger cost out across a mail system. They eat the time of the system, the users, their correspondents, and possibly someone else's admin. They are a selfish way to push the costs onto others, and probably cost an organization more than they save in the mail admin's time. My opinion is you should drop what bad mail you can, and deal with the rest. Notifications are only useful when they are actionable - they have to be well-analyzed, and they have to be sent only to people who understand them and who have the motivation and ability to deal with them. That is a tall order, which means there should only be a few manually reviewed notifications.
Current thread:
- Re: Hysterical first technical alert from US-CERT, (continued)
- Re: Hysterical first technical alert from US-CERT Valdis . Kletnieks (Feb 06)
- Re: Hysterical first technical alert from US-CERT Shawn McMahon (Feb 10)
- Re: Hysterical first technical alert from US-CERT Philip Rowlands (Feb 05)
- Re: Hysterical first technical alert from US-CERT Andreas Marx (Feb 06)
- Re: RFC: virus handling Piotr KUCHARSKI (Feb 02)
- Re: RFC: virus handling Patrick Proniewski (Feb 02)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling Ben Wheeler (Feb 04)
- Re: RFC: virus handling Shawn McMahon (Feb 07)
- Re: RFC: virus handling Matthew Dharm (Feb 03)
- Re: RFC: virus handling James C. Slora Jr. (Feb 03)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Volker Kuhlmann (Feb 04)
- Re: RFC: virus handling Casper Dik (Feb 04)