nanog mailing list archives
Re: Clueless anti-virus products/vendors (was Re: Sober)
From: Douglas Otis <dotis () mail-abuse org>
Date: Mon, 5 Dec 2005 17:38:00 -0800
On Dec 4, 2005, at 8:04 PM, Steven M. Bellovin wrote:
"Church, Chuck" writes:The ideal solution would be for the scanning software to send a warning only if the virus detected is known to use real addresses, otherwise it won't warn.A-V companies are in the business of analyzing viruses. They should *know* how a particular virus behaves.
It is common to find detailed descriptions offered by the company that indicates the behavior of the detected virus, which often includes spoofing the bounce-address. A less than elegant solution as an alternative to deleting the message, is to hold the data phase pending the scan. Another solution would be not returning message content within a DSN. This would mitigate the distribution of viruses, as well as forged bounce-addresses sent to a backup MTAs as a method for bypassing black-hole lists. Would changing what is returned within a DSN in all cases be a solution?
-Doug
Current thread:
- Re: Clueless anti-virus products/vendors (was Re: Sober), (continued)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Rich Kulawiec (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Robert Bonomi (Dec 04)
- RE: Clueless anti-virus products/vendors (was Re: Sober) Church, Chuck (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Geo. (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Christian Kuhtz (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Larry Smith (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Steven M. Bellovin (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Edward B. Dreger (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Jamie C. Pole (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Christopher L. Morrow (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Valdis . Kletnieks (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Steven J. Sobol (Dec 07)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Micheal Patterson (Dec 07)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Michael . Dillon (Dec 08)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 08)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Simon Waters (Dec 09)