nanog mailing list archives
Re: Clueless anti-virus products/vendors (was Re: Sober)
From: "Micheal Patterson" <micheal () tsgincorporated com>
Date: Wed, 7 Dec 2005 10:43:05 -0600
----- Original Message ----- From: "Douglas Otis" <dotis () mail-abuse org>
To: "Todd Vierling" <tv () duh org>Cc: "Steven M. Bellovin" <smb () cs columbia edu>; "Church, Chuck" <cchurch () netcogov com>; <nanog () merit edu>
Sent: Tuesday, December 06, 2005 6:26 PM Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
On Dec 6, 2005, at 2:15 PM, Todd Vierling wrote:On Tue, 6 Dec 2005, Douglas Otis wrote:Holding at the data phase does usually avoid the need for a DSN, but this technique may require some added (less than elegant) operations depending uponwhere the scan engine exists within the email stream.Not my problem. I don't need or want, and should not be hammered with, virus "warnings" sent to forged addresses -- ever. They are unsolicited (I didn't request it, and definitely don't want it), bulk (automated upon receipt of viruses by the offending server), e- mail... thus UBE.I know of no cases where a malware related DSN would be generated by our products, nevertheless, DSNs are not Unsolicited Bulk Email.
That's good Doug, and IMHO, your products should never generate them. However, I will disagree with you concerning the DSN being UBE. As a general rule, you are correct, DSN's != UBE. However, in the case of av systems (scanning engine and mta configurations) they can be. While I agree with you that the scanning engine(s) used by most of us, do not actually send reject notifications, the mechanisms that employ them, both commercial and open source, usually can, and do, unless configured not to. Some may see it as a violation of RFC to not return a DSN on failed delivery. Others, like myself see the need to not return a failure notice on virus / trojan infected email as it has become the norm that the sender information is forged. Especially those systems that contain the infected data along with the message. To many trojans / viri as of late, the DSN's that include the message (with infection) are being used as a repeater to further propogate the infection. Those that release these things are starting to depend on our mechanisms to help them spread. I, like others, prefer not to help them break the net from my little piece of it.
--Mike P.
Current thread:
- Re: Clueless anti-virus products/vendors (was Re: Sober), (continued)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Edward B. Dreger (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Jamie C. Pole (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Christopher L. Morrow (Dec 04)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Valdis . Kletnieks (Dec 05)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Todd Vierling (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 06)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Steven J. Sobol (Dec 07)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Micheal Patterson (Dec 07)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Michael . Dillon (Dec 08)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Douglas Otis (Dec 08)
- Re: Clueless anti-virus products/vendors (was Re: Sober) Simon Waters (Dec 09)
- SMTP store and forward requires DSN for integrity (was Re: Clueless anti-virus ) Douglas Otis (Dec 09)
- RE: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Geo. (Dec 09)
- RE: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Todd Vierling (Dec 09)
- RE: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Geo. (Dec 09)
- RE: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Steven J. Sobol (Dec 09)
- RE: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Todd Vierling (Dec 09)
- Re: SMTP store and forward requires DSN for integrity (was Re:Clueless anti-virus ) Douglas Otis (Dec 09)