North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Clueless anti-virus products/vendors (was Re: Sober)
- From: Daniel Senie
- Date: Fri Dec 02 15:28:32 2005
At 03:12 PM 12/2/2005, Michael Loftis wrote:
--On December 2, 2005 2:02:15 PM -0600 Dennis Dayman
Only stuff we're seeing is a lot of blowback from dumb mail systems
that accept email, THEN scan for viruses, and ultimately decide to
send a note back to the From: address in the body of the infected
email. Since the From: is invariably forged, the uninvolved owner of
those forged email addresses gets hammered.
I've been seeing a few really large bursts into our mailserver. Not
sure if it's a new variant or a reoccurrence of an old strain. I
put in a good number of new port 25 inbound blocks for infected
systems and attempted to put up a few checks inside of our front end
mail servers rather than in the virus and spam filtering (which
happens later for us, so for bad surges we put a few custom rules up
front early in postfix).
Interested, but I see many Sober postings and outages on other lists and
not here...has anyone been having issues? I know the ISP's are fighting
the living out of the virus.
Can people building virus scanning devices PLEASE GET A %^&*^ CLUE?
This means you, Barricuda Networks, more than anyone else, but we
also see this annoyance from Symantec devices, and from some AOL
systems as well.
Blasting a note back does two things:
1. It allows the worm or virus author an opportunity to implement an
amplified attack on a third party using your filtering systems.
2. The bounce messages mostly include an advertisement for the
filtering box's vendor. Get a clue... this is a REALLY negative
advertisement for your spam & virus filtering technology. If you
can't manage to realize the virus laden email should perhaps be
dropped, then it makes your box look poorly designed.
Oh, and please delete the infected file rather than sending that along too.
OK, off my soapbox.