[snip Eicar signature]
You didn't attach it. If you had, I'm pretty sure Exim (running an ACL
plugged into ClamAV) would have caught it before it got to my Inbox. Clam
detects Eicar just fine. :>
:) I did receive two "your message contains a virus" replies. One was
a "Panda GateDefender"
mary wrote:
mta test anyone?
[snip Eicar signature]
You didn't attach it. If you had, I'm pretty sure Exim (running an ACL
plugged into ClamAV) would have caught it before it got to my Inbox. Clam
detects Eicar just fine. :>
What you did was include it inline in a text/plain MIME part in
mta test anyone?
[EMAIL PROTECTED](P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
On Sat, 10 Dec 2005, Edward B. Dreger wrote:
> Let's use some hyperbole:
>
> Say that the latest megaworm chucks out spam at speeds resembling SQL
> Slammer. The return-path specified is your email address. Millions of
> MXes send _you_ bogus DSNs "in good faith".
That's not exactly hyperbole.
DO> Date: Fri, 9 Dec 2005 15:08:49 -0800
DO> From: Douglas Otis
DO> This is a third-party acting in good faith, albeit performing a check better
DO> done within the session. In your view, there is less concern about delivery
DO> integrity, and so related DSNs should be tossed. Being done within
MS> Date: Sat, 10 Dec 2005 22:54:24 +1100
MS> From: Matthew Sullivan
MS> RFC 2821 states explicitly that once the receiving server has issued a 250
MS> Ok to the end-of-data command, the receiving server has accepted
MS> responsibility for either delivering the message or notifying the sender
MS
On Fri, Dec 09, 2005 at 09:03:10AM -0800, Douglas Otis wrote:
> There is a solution you can implement now that gets rid of these tens of
> thousands of virus and abuse laden DSNs you see every day before the
> data phase.
BATV is not a solution.
It's a band-aid.
It fails to address the underlyi
On Sat, 10 Dec 2005, Douglas Otis wrote:
With the high prevalence of viruses having a forged return-path, the
concern is largely about _false_ detections. These are not actual
numbers, but perhaps more realistic than figures suggested previously.
Imagine the false positive error rate for an em
On Sat, 2005-12-10 at 15:40 +0100, JP Velders wrote:
> *any* anti-virus vendor has not only signatures of a specific virus
> but also a good understanding of what the virus does and how it
> spreads. If the vendor doesn't, well, they'd better retire from the AV
> business, because as a vendor
On Fri, 9 Dec 2005, Douglas Otis wrote:
> When there is some percentage of false-positive detection,
I'm *loving* your crack-induced comedy. Troll it up, bay-bee!
Show me the false positive rate. If you can prove any site with more than
0.1% FP on malware detection with any off the shelf
> From [EMAIL PROTECTED] Sat Dec 10 06:58:38 2005
> Date: Sat, 10 Dec 2005 12:57:34 + (GMT)
> From: "Stephen J. Wilcox" <[EMAIL PROTECTED]>
> Subject: Re: SMTP store and forward requires DSN for integrity (was
> Re:Clueless
> anti-virus )
>
>
>
> Date: Fri, 9 Dec 2005 15:08:49 -0800
> From: Douglas Otis <[EMAIL PROTECTED]>
> Subject: Re: SMTP store and forward requires DSN for integrity
> On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
> > [ ... ]
> > I have not requested the virus "warnings" (unsolicited), they are being sent
> > via
On Sat, 10 Dec 2005, Matthew Sullivan wrote:
> Please remember people..
>
> RFC 2821 states explicitly that once the receiving server has issued a
> 250 Ok to the end-of-data command, the receiving server has accepted
> responsibility for either delivering the message or notifying the sender
Robert, sorry I missed the full conversation, and don't have time to
read the whole thread, but based on your mail alone a few words of
agreement...
Please remember people..
RFC 2821 states explicitly that once the receiving server has issued a
250 Ok to the end-of-data command, the receivi
This is pointless argument, please stop
There are those who think they are right in spamming people with reports
of a virus they didn't send and the rest of the planet who think they
are mad and wish they'd get a clue.
> As the recipient of the DSN is _always_ the best
> judge whether the DSN
On Dec 9, 2005, at 4:09 PM, Robert Bonomi wrote:
1) Malware detection has a 0% false positive.
If there is a 'false positive' detecting malware, it is a near
certainty that the "legitimate" message so classified does *NOT*
have a FORGED ADDRESS.
When there is some percentage of false
Douglas Otis wrote:
On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
None of these are my problem. I am a non-involved third party to
the malware detection software, so I should not be a party to its
outgoing spew.
I have not requested the virus "warnings" (unsolicited), they are
being se
On Fri, 9 Dec 2005, Douglas Otis wrote:
> > None of these are my problem. I am a non-involved third party to the
> > malware detection software, so I should not be a party to its outgoing spew.
> This is a third-party acting in good faith,
Wow, you're one twisted individual.
Can I have a hit
> From [EMAIL PROTECTED] Fri Dec 9 17:10:00 2005
> Cc: "Steven J. Sobol" <[EMAIL PROTECTED]>, "Geo." <[EMAIL PROTECTED]>,
> nanog@merit.edu
> From: Douglas Otis <[EMAIL PROTECTED]>
> Subject: Re: SMTP store and forward requires DSN
> From [EMAIL PROTECTED] Fri Dec 9 13:59:30 2005
> nanog@merit.edu
> From: Douglas Otis <[EMAIL PROTECTED]>
> Subject: Re: SMTP store and forward requires DSN for integrity (was
> Re:Clueless anti-virus )
> Date: Fri, 9 Dec 2005 11:58:15 -0800
> To: Todd
On Fri, 9 Dec 2005, Douglas Otis wrote:
> [AV notifications are] a third-party acting in good faith
Perhaps in your world. Definitely not in mine.
--
Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://St
On Dec 9, 2005, at 1:12 PM, Todd Vierling wrote:
None of these are my problem. I am a non-involved third party to
the malware detection software, so I should not be a party to its
outgoing spew.
I have not requested the virus "warnings" (unsolicited), they are
being sent via an automa
c: "Steven J. Sobol" <[EMAIL PROTECTED]>; "Geo."
<[EMAIL PROTECTED]>;
Sent: Friday, December 09, 2005 1:58 PM
Subject: Re: SMTP store and forward requires DSN for integrity (was
Re:Clueless anti-virus )
On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
Leaving aside from the question of if virus-infected DSNs are UBE and
thus "spam" or not...
Todd Vierling wrote:
If you want to notify someone about a filtered malware instance, notify the
intended *recipient*, and provide that user with the email address of the
alleged sender. If it's a fa
- Original Message -
From: "Douglas Otis" <[EMAIL PROTECTED]>
To: "Todd Vierling" <[EMAIL PROTECTED]>
Cc: "Steven J. Sobol" <[EMAIL PROTECTED]>; "Geo." <[EMAIL PROTECTED]>;
Sent: Friday, December 09, 2005 1:58 PM
Sub
On Fri, 9 Dec 2005, Douglas Otis wrote:
> > 1. Virus "warnings" to forged addresses are UBE, by definition.
>
> This definition would be making at least two of the following assumptions:
>
> 1) Malware detection has a 0% false positive.
> 2) Lack of DSN for email falsely detected containing mal
Douglas Otis wrote:
On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
1. Virus "warnings" to forged addresses are UBE, by definition.
This definition would be making at least two of the following assumptions:
1) Malware detection has a 0% false positive.
Near enough so that rej
- Original Message -
From: "Matt Ghali" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc:
Sent: Friday, December 09, 2005 1:49 PM
Subject: Re: SMTP store and forward requires DSN for integrity (was
Re:Clueless anti-virus )
On Fr
On Dec 9, 2005, at 10:15 AM, Todd Vierling wrote:
1. Virus "warnings" to forged addresses are UBE, by definition.
This definition would be making at least two of the following
assumptions:
1) Malware detection has a 0% false positive.
2) Lack of DSN for email falsely detected containi
On Fri, 9 Dec 2005, Micheal Patterson wrote:
They may not have a choice if those that are being hammered with their
auto-generated DSN's deem it unusually high traffic rate and
simply black list the domains using these devices. AOL.com comes
to mind and a few others in the recent weeks that
- Original Message -
From: "Geo." <[EMAIL PROTECTED]>
To:
Sent: Friday, December 09, 2005 10:59 AM
Subject: RE: SMTP store and forward requires DSN for integrity (was
Re:Clueless anti-virus )
It doesn't matter what the notifications look like. There
- Original Message -
From: "Geo." <[EMAIL PROTECTED]>
To:
Sent: Friday, December 09, 2005 9:57 AM
Subject: RE: SMTP store and forward requires DSN for integrity (was
Re:Clueless anti-virus )
While AV scanning may be done during the session, it would also req
On Fri, 9 Dec 2005, Douglas Otis wrote:
> > Actually, I get about ten to twenty times as much virus blowback as I get
> > spam from trojan-zombie boxes.
> I am having difficulty understanding why a one time investment in
> Bounce-Address Tag Validation which can be in operation immediately and o
On Dec 9, 2005, at 9:59 AM, Steven J. Sobol wrote:
On Fri, 9 Dec 2005, Todd Vierling wrote:
I'd like someone UNBIASED to take up his side of the discussion,
please. I'm really not inclined to listen to an AV employee explain
why they should be spamming us.
I am not aware of any of our
On Dec 9, 2005, at 9:22 AM, Todd Vierling wrote:
Actually, I get about ten to twenty times as much virus blowback as
I get spam from trojan-zombie boxes.
That's because the virus blowback comes from otherwise "reputable"
MTAs, whereas the spam comes from zombies that are often already
b
On Fri, 9 Dec 2005, Todd Vierling wrote:
>
> On Fri, 9 Dec 2005, Douglas Otis wrote:
>
> > There is a solution you can implement now that gets rid of these tens of
> > thousands of virus and abuse laden DSNs you see every day before the
> > data phase.
>
> And it is *my* responsibility to reje
On Fri, 9 Dec 2005, Geo. wrote:
> I hear you but you and I both know AV companies are not going to give up the
> automated spamming feature that easily.
I don't doubt that. Their generated UBE is often commercial in nature, too,
because they usually carry an advertising link along with the spew
On Fri, 9 Dec 2005, Douglas Otis wrote:
> There is a solution you can implement now that gets rid of these tens of
> thousands of virus and abuse laden DSNs you see every day before the
> data phase.
And it is *my* responsibility to reject UBE that shouldn't have been
generated in the first plac
On Fri, 9 Dec 2005, Douglas Otis wrote:
> There is a solution you can implement now that gets rid of these tens of
> thousands of virus and abuse laden DSNs you see every day before the
> data phase.
Why should the burden/cost/hassle be placed on me to do this? In many
cases, it isn't even on
On Fri, 9 Dec 2005, Geo. wrote:
> I hear you but you and I both know AV companies are not going to give up the
> automated spamming feature that easily.
Then maybe we should bring market pressure to bear on them. Personally, I
run Exim and ClamAV and don't have that problem. If they're going to
On Fri, 2005-12-09 at 11:16 -0500, Todd Vierling wrote:
> On Fri, 9 Dec 2005, Geo. wrote:
>
> > If everyone would just standardize on at least the first part of every virus
> > notification being the same thing, say:
> >
> > XXX VIRUS NOTIFICATION: blah blah blah
> >
> > where XXX is some error
>>It doesn't matter what the notifications look like. There is no reason
that
my SMTP server should be subject to more than TEN THOUSAND of these damned
things every day, <<
I hear you but you and I both know AV companies are not going to give up the
automated spamming feature that easily. A sta
On Fri, 9 Dec 2005, Geo. wrote:
> If everyone would just standardize on at least the first part of every virus
> notification being the same thing, say:
>
> XXX VIRUS NOTIFICATION: blah blah blah
>
> where XXX is some error number, we could all easily control virus
> notifications at the receivi
>>While AV scanning may be done during the session, it would also require
additional steps to also contain _all_ upstream activity within the same
session as well, when attempting to achieve an apparent point-to-point
operation. If SMTP were point-to-point, this would be evolving into the
IM mode