North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Clueless anti-virus products/vendors (was Re: Sober)
>-----Original Message----- >From: Daniel Senie [mailto:[email protected]] >Sent: Friday, December 2, 2005 11:27 AM >To: [email protected] >Subject: Clueless anti-virus products/vendors (was Re: Sober) > > >At 03:12 PM 12/2/2005, Michael Loftis wrote: > > > >>--On December 2, 2005 2:02:15 PM -0600 Dennis Dayman >><[email protected]> wrote: >> >>> >>>Interested, but I see many Sober postings and outages on other lists and >>>not here...has anyone been having issues? I know the ISP's are fighting >>>the living out of the virus. >> >>I've been seeing a few really large bursts into our mailserver. Not >>sure if it's a new variant or a reoccurrence of an old strain. I >>put in a good number of new port 25 inbound blocks for infected >>systems and attempted to put up a few checks inside of our front end >>mail servers rather than in the virus and spam filtering (which >>happens later for us, so for bad surges we put a few custom rules up >>front early in postfix). > >Only stuff we're seeing is a lot of blowback from dumb mail systems >that accept email, THEN scan for viruses, and ultimately decide to >send a note back to the From: address in the body of the infected >email. Since the From: is invariably forged, the uninvolved owner of >those forged email addresses gets hammered. > >Can people building virus scanning devices PLEASE GET A %^&*^ CLUE? >This means you, Barricuda Networks, more than anyone else, but we >also see this annoyance from Symantec devices, and from some AOL >systems as well. > It's a simple switch in the GUI of Barracuda Networks to turn of this annoyance. More operator error than Barracuda's fault, IMHO. -Dee >Blasting a note back does two things: > >1. It allows the worm or virus author an opportunity to implement an >amplified attack on a third party using your filtering systems. > >2. The bounce messages mostly include an advertisement for the >filtering box's vendor. Get a clue... this is a REALLY negative >advertisement for your spam & virus filtering technology. If you >can't manage to realize the virus laden email should perhaps be >dropped, then it makes your box look poorly designed. > >Oh, and please delete the infected file rather than sending that along too. > >OK, off my soapbox. > >Dan > >
|