North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Clueless anti-virus products/vendors (was Re: Sober)

  • From: Micheal Patterson
  • Date: Wed Dec 07 11:45:27 2005




----- Original Message ----- From: "Douglas Otis" <[email protected]>
To: "Todd Vierling" <[email protected]>
Cc: "Steven M. Bellovin" <[email protected]>; "Church, Chuck" <[email protected]>; <[email protected]>
Sent: Tuesday, December 06, 2005 6:26 PM
Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)


On Dec 6, 2005, at 2:15 PM, Todd Vierling wrote:

On Tue, 6 Dec 2005, Douglas Otis wrote:

Holding at the data phase does usually avoid the need for a DSN, but this
technique may require some added (less than elegant) operations depending upon
where the scan engine exists within the email stream.
Not my problem. I don't need or want, and should not be hammered with, virus "warnings" sent to forged addresses -- ever. They are unsolicited (I didn't request it, and definitely don't want it), bulk (automated upon receipt of viruses by the offending server), e- mail... thus UBE.
I know of no cases where a malware related DSN would be generated by our products, nevertheless, DSNs are not Unsolicited Bulk Email.
That's good Doug, and IMHO, your products should never generate them. However, I will disagree with you concerning the DSN being UBE. As a general rule, you are correct, DSN's != UBE. However, in the case of av systems (scanning engine and mta configurations) they can be. While I agree with you that the scanning engine(s) used by most of us, do not actually send reject notifications, the mechanisms that employ them, both commercial and open source, usually can, and do, unless configured not to. Some may see it as a violation of RFC to not return a DSN on failed delivery. Others, like myself see the need to not return a failure notice on virus / trojan infected email as it has become the norm that the sender information is forged. Especially those systems that contain the infected data along with the message. To many trojans / viri as of late, the DSN's that include the message (with infection) are being used as a repeater to further propogate the infection. Those that release these things are starting to depend on our mechanisms to help them spread. I, like others, prefer not to help them break the net from my little piece of it.

--

Mike P.