Re: Clueless anti-virus products/vendors (was Re: Sober)

From: W.D.McKinney (no email)
Date: Fri Dec 02 2005 - 19:45:05 EST

  • Next message: Richard Cox: "Re: Clueless anti-virus products/vendors (was Re: Sober)"

    >-----Original Message-----
    >From: Daniel Senie [mailto:]
    >Sent: Friday, December 2, 2005 11:27 AM
    >To:
    >Subject: Clueless anti-virus products/vendors (was Re: Sober)
    >
    >
    >At 03:12 PM 12/2/2005, Michael Loftis wrote:
    >
    >
    >
    >>--On December 2, 2005 2:02:15 PM -0600 Dennis Dayman
    >><> wrote:
    >>
    >>>
    >>>Interested, but I see many Sober postings and outages on other lists and
    >>>not here...has anyone been having issues? I know the ISPs are fighting
    >>>the living out of the virus.
    >>
    >>I've been seeing a few really large bursts into our mailserver. Not
    >>sure if it's a new variant or a reoccurrence of an old strain. I
    >>put in a good number of new port 25 inbound blocks for infected
    >>systems and attempted to put up a few checks inside of our front end
    >>mail servers rather than in the virus and spam filtering (which
    >>happens later for us, so for bad surges we put a few custom rules up
    >>front early in postfix).
    >
    >Only stuff we're seeing is a lot of blowback from dumb mail systems
    >that accept email, THEN scan for viruses, and ultimately decide to
    >send a note back to the From: address in the body of the infected
    >email. Since the From: is invariably forged, the uninvolved owner of
    >those forged email addresses gets hammered.
    >
    >Can people building virus scanning devices PLEASE GET A %^&*^ CLUE?
    >This means you, Barracuda Networks, more than anyone else, but we
    >also see this annoyance from Symantec devices, and from some AOL
    >systems as well.
    >

    It's a simple switch in the GUI of Barracuda Networks to turn off this annoyance. More operator error than Barracuda's fault, IMHO.

    -Dee

    >Blasting a note back does two things:
    >
    >1. It allows the worm or virus author an opportunity to implement an
    >amplified attack on a third party using your filtering systems.
    >
    >2. The bounce messages mostly include an advertisement for the
    >filtering box's vendor. Get a clue... this is a REALLY negative
    >advertisement for your spam & virus filtering technology. If you
    >can't manage to realize the virus laden email should perhaps be
    >dropped, then it makes your box look poorly designed.
    >
    >Oh, and please delete the infected file rather than sending that along too.
    >
    >OK, off my soapbox.
    >
    >Dan
    >
    >
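
The blowback and amplification described in this message, modelled as an added example (not code from the thread or from any vendor named in it): one policy accepts mail, scans afterwards and notifies the From: address with the original attached; the other scans before answering end-of-DATA and refuses with a 5xx reply. The marker string, addresses, banner text and function names are all constructed for illustration.

```python
from dataclasses import dataclass, field

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # stand-in for a real virus signature (assumption)

@dataclass
class Inbound:
    from_addr: str  # forged by the worm; belongs to an uninvolved third party
    rcpt_to: str
    body: bytes

@dataclass
class Outcome:
    smtp_reply: str                                     # what the connecting client is told
    delivered: bool = False
    generated_mail: list = field(default_factory=list)  # (recipient, size) of mail we originate

def is_infected(body: bytes) -> bool:
    return MARKER in body

def accept_then_bounce(msg, vendor_banner=b"Scanned by ExampleFilter\n"):
    """Behaviour criticised in the thread: 250 first, scan later, notify From:."""
    out = Outcome(smtp_reply="250 OK queued")
    if is_infected(msg.body):
        # The notice carries a vendor banner and the infected original along with it.
        notice = vendor_banner + b"Your message contained a virus.\n" + msg.body
        out.generated_mail.append((msg.from_addr, len(notice)))
    else:
        out.delivered = True
    return out

def reject_in_session(msg):
    """Scan before answering end-of-DATA; refuse with 5xx and originate nothing."""
    if is_infected(msg.body):
        return Outcome(smtp_reply="550 5.7.1 message refused: virus detected")
    return Outcome(smtp_reply="250 OK queued", delivered=True)

def backscatter_bytes(policy, messages):
    """Bytes this filter sends to addresses that never contacted it, per address."""
    totals = {}
    for m in messages:
        for rcpt, size in policy(m).generated_mail:
            totals[rcpt] = totals.get(rcpt, 0) + size
    return totals

# Constructed sample: a worm burst forging one victim, plus one clean message.
SAMPLE = [Inbound("victim@example.org", f"user{i}@example.net", b"hi\n" + MARKER + b"x" * 200)
          for i in range(5)] + [Inbound("alice@example.com", "user0@example.net", b"lunch?")]

if __name__ == "__main__":
    print("accept-then-bounce:", backscatter_bytes(accept_then_bounce, SAMPLE))
    print("reject-in-session: ", backscatter_bytes(reject_in_session, SAMPLE))
```

Under the first policy the forged address receives more bytes than the worm sent to the filter; under the second the filter originates no mail at all.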

