David Wilson wrote:
On Thu, 2009-01-15 at 10:45 -0500, Rich Kulawiec wrote:
Among other things, "malicious" isn't universal. And anti-virus
software
does not have a 0% FP rate.)
I agree it cannot be 0%, but better than 0.000001% is expected.
I think that's hopelessly optimistic in real-world settings. I
routinely
see a handful of FP's every month -- then again, I tend to send out
mail
talking about spam and phishes and so on, which most people don't.
Also see Chris's excellent explanation, which I think is roughly
typical of that at many large sites (it's certainly similar to the
large sites I've worked on).
If I read Chris' message, then I believe that he is not giving evidence
for AV false positives.
That wasn't my point. My point was directly as to the "hazard" of
550-rejecting viruses. In that, despite having 550-rejected millions of
viruses (1.3M Mydooms/day at peak), we haven't, in 11 years, heard of
_one_ virus bounced by a MTA receiving one of our 550's landing in
anyone's lap, let alone infecting anyone.
That even if somehow blaming a virus on us for a 550 is extremely
unlikely, that out of 10's of millions of real viruses being rejected,
we would have heard of at least _one_. But we haven't.
Thus, the hazards of 550'ing viruses are vastly overblown.
Furhermore, since virus-intended rules aren't FP-free, the hazard of
losing the DSN on a FP is far higher than the largely non-existent
hazard of 550-ing a virus.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg