Full Disclosure mailing list archives
Re: AV "feature" does more DDoS than Sobig
From: "Marcos Machado" <listas () istf com br>
Date: Thu, 28 Aug 2003 13:39:13 -0300
Yes, Richard... Default ON is a marketing oriented decision. I use the Amavisd on my mail gateway and it has this option: # # Section IV - Notifications, quarantine # # Treat envelope sender address as unreliable # and don't send sender notification if name(s) # of detected virus(es) match the list. Note that # virus names are supplied by external virus scanner(s), # so the virus names may need to be adjusted. See # README.lookups for syntax. # $viruses_that_fake_sender_re = Amavis::Lookup::RE->new( qr'nimda|hybris|klez|bugbear|yaha|braid'i ); Pretty easy to avoid false-positive notifications. And, of course, you can set... $warnvirussender = 0; ...to no notifications at all. []s, MM ----- Original Message ----- From: "Richard M. Smith" <rms () computerbytesman com> To: "'Fabio Gomes de Souza'" <bugtraq () gs2 com br>; <full-disclosure () lists netsys com>; <rms () computerbytesman com> Sent: Thursday, August 28, 2003 10:56 AM Subject: RE: [Full-disclosure] AV "feature" does more DDoS than Sobig When I get one of these false alarm messages about Sobig, I am complaing to both the company who sent the message and the vendor who supplies the buggy software. If an anti-virus software package knows that a particular email virus uses forged return addresses, it shouldn't ever send out a warning message about an infected email message. If it does send out a message in this situation, the message will almost surely go to the wrong person. Of course, these warning messages are also a form of spam since many of them contain ads for the anti-virus software package that finds the infected message. Richard M. Smith http://www.ComputerBytesMan.com ################################################################# ################################################################# ################################################################# ##### ##### ##### ################################################################# ################################################################# ################################################################# _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AV "feature" does more DDoS than Sobig Fabio Gomes de Souza (Aug 28)
- Re: AV "feature" does more DDoS than Sobig madsaxon (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Richard M. Smith (Aug 28)
- Re: AV "feature" does more DDoS than Sobig William Warren (Aug 28)
- Re: AV "feature" does more DDoS than Sobig William Warren (Aug 28)
- Re: AV "feature" does more DDoS than Sobig Vladimir Parkhaev (Aug 28)
- Re: AV "feature" does more DDoS than Sobig James Greenhalgh (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Steve Wray (Aug 28)
- Re: AV "feature" does more DDoS than Sobig Vladimir Parkhaev (Aug 28)
- Re: AV "feature" does more DDoS than Sobig 3APA3A (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Richard M. Smith (Aug 28)
- Re: AV "feature" does more DDoS than Sobig Marcos Machado (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Ron DuFresne (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Richard M. Smith (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Ron DuFresne (Aug 28)
- Re: AV "feature" does more DDoS than Sobig madsaxon (Aug 28)
- Re: AV "feature" does more DDoS than Sobig David Vasil (Aug 28)
- Re: AV "feature" does more DDoS than Sobig Darren Reed (Aug 28)
- <Possible follow-ups>
- RE: AV "feature" does more DDoS than Sobig Rainer Gerhards (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Barrett, Rob (Aug 28)
- Re: AV "feature" does more DDoS than Sobig DStark (Aug 28)
- Re: AV "feature" does more DDoS than Sobig yossarian (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Steve Wray (Aug 28)