At 10:27 PM 12/4/2005, Church, Chuck wrote:
What about all the viruses out there that don't forge addresses?
As others have noted, these are so far lost in the noise as to not be a factor.
Sending a warning message makes sense for these.
Why? Because you need to be the one to tell the sen
> From [EMAIL PROTECTED] Sun Dec 4 22:34:54 2005
> Date: Mon, 05 Dec 2005 04:30:26 + (GMT)
> From: "Christopher L. Morrow" <[EMAIL PROTECTED]>
> Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
> To: "Steven M. Bellovin" <[EMAIL PROTECTED]>
> Cc: "Church, Chuck" <[EMAIL PROT
On Sun, 4 Dec 2005, Steven M. Bellovin wrote:
> In message <[EMAIL PROTECTED]>, "Chur
> ch, Chuck" writes:
> >
> >What about all the viruses out there that don't forge addresses?
> >Sending a warning message makes sense for these. Unless someone has
>
> A-V companies are in the business of analy
On Sun, 4 Dec 2005, Church, Chuck wrote:
> What about all the viruses out there that don't forge addresses?
Not that there are nearly as many -- the main scourge is sender-forging
worms by a better than 90%/10% margin -- but I very specifically mentioned:
> > > (Virus "warnings" to forged addre
An even more cynical way would be to say that most antivirus
companies aren't in the business of analyzing viruses - they are in
the business of selling antivirus software.
I believe that is the fundamental problem.
Jamie
--
Jamie C. Pole
[EMAIL PROTECTED]
http://www.jcpa.com
InfoSec /
SMB> Date: Sun, 04 Dec 2005 23:04:52 -0500
SMB> From: Steven M. Bellovin
SMB> A-V companies are in the business of analyzing viruses. They should
SMB> *know* how a particular virus behaves.
The cynical would say they _do_ know, and "accidental" backscatter is a
way to advertise their products
In message <[EMAIL PROTECTED]>, "Chur
ch, Chuck" writes:
>
>What about all the viruses out there that don't forge addresses?
>Sending a warning message makes sense for these. Unless someone has
>done the research to determine the majority of viruses forge addresses,
>you really can't complain abo
On Sunday 04 December 2005 21:27, Church, Chuck wrote:
> What about all the viruses out there that don't forge addresses?
> Sending a warning message makes sense for these. Unless someone has
> done the research to determine the majority of viruses forge addresses,
> you really can't complain abo
Better safe than sorry. Unless you can determine that it isn't
forged, you shouldn't be sending anything because there is so much
out there forging From: addresses (or To: for that matter, with Bcc:).
So, this isn't about ideal vs ok-close-enough. Don't send me crap
unless you have a r
>>What about all the viruses out there that don't forge addresses?
What virus in the past 2 years doesn't forge the from address?
George Roettger
What about all the viruses out there that don't forge addresses?
Sending a warning message makes sense for these. Unless someone has
done the research to determine the majority of viruses forge addresses,
you really can't complain about the fact that the default is to warn.
Calling vendors 'cluel
CO> Date: Mon, 28 Nov 2005 14:57:58 -0600 (CST)
CO> From: Chris Owen
CO> However, I do think Akamai would be better off getting their issues with
CO> their replacement boxes straightened out. I agree that we get value for
CO> having the boxes on our network (and so do they lets not forget).
*sh
> From [EMAIL PROTECTED] Sun Dec 4 17:19:43 2005
> Date: Sun, 04 Dec 2005 15:18:29 -0800
> From: Steve Sobol <[EMAIL PROTECTED]>
> To: Rich Kulawiec <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
>
>
> Rich Kulawiec wrote:
>
> > An
Rich Kulawiec wrote:
And thus we now have blacklist entries such as:
barracuda1.aus.texas.net
barracuda.yale-wrexham.ac.uk
barracuda.morro-bay.ca.us
barracuda.ci.mtnview.ca.us
barracuda.elbert.k12.ga.us
barracuda.fort-dodge.k12.ia.us
barr
On Sun, 4 Dec 2005, W.D.McKinney wrote:
> > (Virus "warnings" to forged addresses are UBE, plain and simple.)
>
> Since when? I disagree.
UBE = "unsolicited bulk e-mail".
Which of those three words do[es] not apply to virus "warning" backscatter
to forged envelope/From: addresses? Think carefu
On Sun, Dec 04, 2005 at 09:58:20AM -0500, Todd Vierling wrote:
> If it is on by default, it is a bug, and not operator error.
(In the case of the Barracuda) there are at least two such switches:
one for spam, one for viruses. Note that when both are set to "off" that
the box still occasionally e
On Dec 4, 2005, at 2:06 PM, W.D.McKinney wrote:
Can people building virus scanning devices PLEASE GET A %^&*^ CLUE?
This means you, Barricuda Networks, more than anyone else, but we
also see this annoyance from Symantec devices, and from some AOL
systems as well.
It's a simple switch in the
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Todd Vierling
> Sent: Sunday, December 04, 2005 5:58 AM
> To: W.D.McKinney
> Cc: [EMAIL PROTECTED]
> Subject: Re: Clueless anti-virus products/vendors (was Re: Sober)
>
>
> On Sat, 3 Dec 2005, W.D.M
On Sat, 3 Dec 2005, W.D.McKinney wrote:
> >Can people building virus scanning devices PLEASE GET A %^&*^ CLUE?
> >This means you, Barricuda Networks, more than anyone else, but we
> >also see this annoyance from Symantec devices, and from some AOL
> >systems as well.
>
> It's a simple switch in t
19 matches
Mail list logo
