ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] virus detectors, was where the message originated

2009-01-14 13:47:39
from [Franck Martin] [Permanent Link] 
I block a number of file extensions (all of which could contain a payload). I'd 
like to block doc attachments but they are a bt everywhere. I advice people to 
send as pdf (internally we usually don't do much than print/or read external 
documents) or to rename the extension. At least there is a not straight forward 
process, whihc gives an extra 5picosecond for people to think if it is a virus 
or not.

----- Original Message -----
From: "SM" <sm(_at_)resistor(_dot_)net>
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org>
Sent: Thursday, 15 January, 2009 3:56:34 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] virus detectors, was where the message originated

At 04:01 14-01-2009, John Levine wrote:

When I catch a virus and the sending IP is one for whom I have a known
contact address, I send off an autoreport with the first 50 lines of
the virus (in case they're wondering what virus it is), and the first


[snip]


Nonetheless, I have problems all the time with my reports being
rejected by poorly written virus filters.  In one case they've been
adding me to a virus sending blacklist, telling me that even though
they know I'm not sending viruses, their AV detects it so it must be
my fault.  Sheesh.


You also get that kind of reply (if detectors says so, then it must 
be true) about spam.

At 01:24 14-01-2009, David Wilson wrote:

I would be surprised if a non-malicious message would fall foul of AV
software unless it contained some kind of executable content. It should
not be surprising that a message with executable content runs into
problems.


The usual document formats (PDFs, .doc, etc) are also scanned for 
viruses nowadays.  They can fall foul of Anti-virus software.  The 
report (see first paragraph above) would have helped in identifying 
problems if the postmaster actually cared about mail delivery.

Regards,
-sm 

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] where the message originated, David Wilson
Next by Date:  Re: [Asrg] where the message originated, Chris Lewis
Previous by Thread:  Re: [Asrg] virus detectors, was where the message originated, SM
Next by Thread:  [Asrg] Meta channel, not bounces (was: Re: where the message originated), Alessandro Vesely
Indexes:  [Date] [Thread] [Top] [All Lists]