ietf-asrg
[Top] [All Lists]

Re: [Asrg] where the message originated

2009-01-14 08:51:17
On Wed, Jan 14, 2009 at 09:24:45AM +0000, David Wilson wrote:
I would be interested to know what actual numbers for, or perhaps some
specific instances of, FP from anti-virus.

As more and more AV packages are being (incorrectly, in my opinion)
taught how to recognize phishes, I'm seeing more and more FP rejects
of *discussions* of phishes.

Like John, I've seen rejects based on partial virus-related content -
in some cases, apparently based on string matches.

But it is axiomatic that all anti-virus (and anti-spam) systems have
nonzero FP and FN rates (with the exception of the edge cases "reject all"
and "accept all").  Given that we know we will make these mistakes,
we need to consider how we can make them visibly, so that we give
ourselves and everyone else a reasonable chance of observing and
correcting them.

---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg