Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
- To: <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
- From: "Marcos Machado" <listas@istf.com.br>
- Date: Thu, 28 Aug 2003 13:39:13 -0300
Yes, Richard... Default ON is a marketing oriented decision.
I use the Amavisd on my mail gateway and it has this option:
#
# Section IV - Notifications, quarantine
#
# Treat envelope sender address as unreliable
# and don't send sender notification if name(s)
# of detected virus(es) match the list. Note that
# virus names are supplied by external virus scanner(s),
# so the virus names may need to be adjusted. See
# README.lookups for syntax.
#
$viruses_that_fake_sender_re = Amavis::Lookup::RE->new(
qr'nimda|hybris|klez|bugbear|yaha|braid'i );
Pretty easy to avoid false-positive notifications. And, of
course, you can set...
$warnvirussender = 0;
...to no notifications at all.
[]s, MM
----- Original Message -----
From: "Richard M. Smith" <rms@computerbytesman.com>
To: "'Fabio Gomes de Souza'" <bugtraq@gs2.com.br>; <full-disclosure@lists.netsys.com>; <rms@computerbytesman.com>
Sent: Thursday, August 28, 2003 10:56 AM
Subject: RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig
When I get one of these false alarm messages about Sobig, I am
complaining to both the company who sent the message and the vendor
who supplies the buggy software. If an anti-virus software package
knows that a particular email virus uses forged return addresses, it
shouldn't ever send out a warning message about an infected email
message. If it does send out a message in this situation, the message
will almost surely go to the wrong person.
Of course, these warning messages are also a form of spam since many
of them contain ads for the anti-virus software package that finds the
infected message.
Richard M. Smith
http://www.ComputerBytesMan.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
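Added example (not part of the original message and not amavisd's own code): a simplified Python model of the check described by the quoted configuration, run over constructed scanner-style virus names to show which detections would still produce a sender notification. It assumes one matching name is enough to suppress the notification; the function names, the sample names and the adjusted pattern with "sobig" are hypothetical.

```python
import re

# Pattern copied from the amavisd setting quoted in the message above.
QUOTED_RE = re.compile(r"nimda|hybris|klez|bugbear|yaha|braid", re.I)
# Hypothetical adjusted pattern: the quoted list plus "sobig" (assumption).
ADJUSTED_RE = re.compile(QUOTED_RE.pattern + r"|sobig", re.I)

# Constructed scanner-style virus names; real scanners each use their own
# naming, which is why the config comment says names may need adjusting.
SAMPLE_DETECTIONS = [
    ["W32/Sobig.F@mm"],
    ["Worm.Sobig.F"],
    ["W32/Klez.H@mm"],
    ["W32.Nimda.A@mm", "Exploit.IFrame"],
    ["EICAR-Test-File"],
]


def should_notify_sender(virus_names, fake_sender_re, warnvirussender=True):
    """Return True if a sender notification would go out (simplified model).

    Assumption: one matching name is enough to treat the envelope sender
    as unreliable and suppress the notification.
    """
    if not warnvirussender:  # models $warnvirussender = 0
        return False
    return not any(fake_sender_re.search(name) for name in virus_names)


def still_notified(detections, fake_sender_re):
    """List the detections that would still trigger a sender notification."""
    return [names for names in detections
            if should_notify_sender(names, fake_sender_re)]


if __name__ == "__main__":
    for label, regex in (("quoted", QUOTED_RE), ("adjusted", ADJUSTED_RE)):
        print(label, "->", still_notified(SAMPLE_DETECTIONS, regex))
```

With the quoted pattern the two Sobig samples still generate notifications; with the adjusted pattern only the non-forging sample does.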