Full Disclosure mailing list archives

Re: AV "feature" does more DDoS than Sobig


From: "Marcos Machado" <listas () istf com br>
Date: Thu, 28 Aug 2003 13:39:13 -0300

Yes, Richard... Default ON is a marketing oriented decision.

I use the Amavisd on my mail gateway and it has this option:

#
# Section IV - Notifications, quarantine
#

# Treat envelope sender address as unreliable
# and don't send sender notification if name(s)
# of detected virus(es) match the list. Note that
# virus names are supplied by external virus scanner(s),
# so the virus names may need to be adjusted. See
# README.lookups for syntax.
#
$viruses_that_fake_sender_re = Amavis::Lookup::RE->new(
  qr'nimda|hybris|klez|bugbear|yaha|braid'i );


Pretty easy to avoid false-positive notifications. And, of
course, you can set...

$warnvirussender = 0;

...to no notifications at all.

[]s, MM



----- Original Message ----- 
From: "Richard M. Smith" <rms () computerbytesman com>
To: "'Fabio Gomes de Souza'" <bugtraq () gs2 com br>;
<full-disclosure () lists netsys com>; <rms () computerbytesman com>
Sent: Thursday, August 28, 2003 10:56 AM
Subject: RE: [Full-disclosure] AV "feature" does more DDoS than Sobig


When I get one of these false alarm messages about Sobig, I am
complaining to both the company who sent the message and the vendor
who supplies the buggy software.  If an anti-virus software package
knows that a particular email virus uses forged return addresses, it
shouldn't ever send out a warning message about an infected email
message.  If it does send out a message in this situation, the
message will almost surely go to the wrong person.

Of course, these warning messages are also a form of spam since many
of them contain ads for the anti-virus software package that finds
the infected message.

Richard M. Smith
http://www.ComputerBytesMan.com




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
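
The two settings quoted in the reply above, modelled as a stand-alone Perl check. This is an added example, not part of the original messages and not amavisd code: notify_sender() is a hypothetical helper, the detection names are constructed, and the "sobig" alternative in the second pattern is an assumed addition to the quoted list. It shows why the list needs adjusting to the names your scanner actually reports: with the pattern as posted, a Sobig detection still produces a sender notification.

```perl
#!/usr/bin/perl
# Added illustration: models the quoted settings with a plain compiled regex.
# It does not load amavisd or Amavis::Lookup::RE.
use strict;
use warnings;

# Same pattern as in the quoted amavisd.conf excerpt.
my $posted_re   = qr'nimda|hybris|klez|bugbear|yaha|braid'i;
# Assumption: the same list with the worm this thread is about appended.
my $extended_re = qr'nimda|hybris|klez|bugbear|yaha|braid|sobig'i;

# Constructed scanner verdicts. Naming differs per scanner; these are made up
# in the style of common products and are not taken from the thread.
my @detections = (
    'W32/Klez.h@MM',
    'Worm.Sobig.F',
    'W32/Sobig.f@MM',
    'I-Worm.BugBear.b',
    'Eicar-Test-Signature',
);

# Returns 1 if a sender notification would go out, 0 if it is suppressed.
# $warn models $warnvirussender; $re models $viruses_that_fake_sender_re.
# Assumption of this model: one matching virus name is enough to suppress.
sub notify_sender {
    my ($warn, $re, @virus_names) = @_;
    return 0 unless $warn;              # notifications switched off entirely
    for my $name (@virus_names) {
        return 0 if $name =~ $re;       # envelope sender treated as unreliable
    }
    return 1;
}

# Compare the posted list with the extended one for every sample detection.
for my $name (@detections) {
    printf "%-22s posted=%-8s extended=%-8s\n", $name,
        (notify_sender(1, $posted_re,   $name) ? 'notify' : 'suppress'),
        (notify_sender(1, $extended_re, $name) ? 'notify' : 'suppress');
}
```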
