With worm.virus.MyDoom and worm.mimail so widespread, many anti-virus notifications are being sent to the wrong address, so it is strongly recommended that AV notification to sender/recipient at the server level simply be disabled.

--[Begin forwarded message]--

Date: Wed, 4 Feb 2004 11:35:26 +0700
From: Syafril Hermansyah <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [MDaemon-L] Whether AV notification to sender/recipient is needed

Hello,

There is a good article on whether AV notification to sender/recipient is needed:

http://www.theage.com.au/articles/2004/01/28/1075088064407.html

I quote a few of the main points:

--[begin quote]---
"It would be a simple feature for AV companies to implement some intelligence into their notification process ie. notification should only take place on viruses that are known to use real source addresses, and viruses that are known to use "spoofed" source addresses, should not be notified."
--[end quote]--

Until the AV engine (for MDaemon that means Kaspersky Labs) can do this, notification to sender/recipient serves no purpose.

This opinion from Russ Cooper deserves attention:

--[begin quote]--
Russ Cooper, editor of the NTBugTraq mailing list, said the bottom line was that if people cared, they should call; "otherwise, drop refuse on the floor instead of throwing it, or its wrapper, back on the internet."

Cooper, who is also surgeon-general for TruSecure Corp, said most viruses these days used spoofed email addresses and therefore "using an anti-virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good.

"Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered."

Cooper said: "Basically, the concept of providing notification to an email address you believe sent you a virus-laden message is well intentioned, but horribly not thought out.
Firstly, it means for each virus email sent there may be, at least, one additional message sent (the notice). Ergo, every virus is twice as powerful as it is on its own.

"Secondly, if your anti-virus program or mail server include the entire original message, or the virus attachment received, you are in fact potentially spreading the virus further than it could go itself. Imagine if the person you believe sent it to you didn't, now you send them the virus and bingo, you are the infector not the original virus writer.

"Finally, you bounce to them, they bounce back to you. You get an infected message from a valid domain, but an invalid user at that domain. You bounce them back a warning. They bounce back to you saying the user doesn't exist. Gee, now we've tripled the volume.

"And for what? You don't check to ensure they've cleaned the virus out of their system. You don't call them to ensure their potentially totally bogged down mail server has actually delivered your virus warning message to the right person. You don't even know if your server was previously seen or perceived to be sending them the same virus, at which point they may have blocked any communication from you."
--[end quote]--

--
syafril
-------
Syafril Hermansyah

--[End of forwarded message 8]--

--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderators, using MDaemon 7.0R beta T under W3K

--[YONSATU - ITB]---------------------------------------------
Archive     : <http://yonsatu.mahawarman.net> or <http://news.mahawarman.net>
News Groups : gmane.org.region.indonesia.mahawarman
List Admin  : <http://home.mahawarman.net/lsg2>
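
The notification logic the quoted article asks for, as an added example that is not part of the original message and is not MDaemon or Kaspersky code: notify only when the detected family is known to use the real sender address, never answer a bounce or an automatic message, and never return the original body or attachment. The family tables, function names and sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Assumption: families whose sender addresses are forged. The two names come
# from the post; a real deployment would take this data from the AV vendor.
SPOOFING_FAMILIES = {"mydoom", "mimail"}
# Constructed placeholder for a family known to use the real sender address.
REAL_SENDER_FAMILIES = {"example.realsender"}


def should_notify(envelope_from, family, raw_message):
    """Return (decision, reason) for sending a virus notice to the sender."""
    msg = message_from_string(raw_message)
    if envelope_from in ("", "<>"):
        return False, "null envelope sender: message is itself a bounce"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automatic message: replying risks a bounce loop"
    name = family.lower()
    if name in SPOOFING_FAMILIES:
        return False, "family forges sender addresses"
    if name not in REAL_SENDER_FAMILIES:
        return False, "unknown family: assume the sender is forged"
    return True, "family uses the real sender address"


def build_notice(postmaster, envelope_from, family, raw_message):
    """Text-only notice: no original body, no attachment, marked automatic."""
    original = message_from_string(raw_message)
    notice = EmailMessage()
    notice["From"] = postmaster
    notice["To"] = envelope_from
    notice["Subject"] = "Infected message blocked"
    notice["Auto-Submitted"] = "auto-generated"  # RFC 3834: stops auto-replies
    notice.set_content(
        f"A message from this address was blocked ({family}).\n"
        f"Original Message-ID: {original.get('Message-ID', 'unknown')}\n"
    )
    return notice


# Constructed sample message, not taken from the post.
SAMPLE = (
    "From: alice@example.org\nTo: bob@example.net\n"
    "Message-ID: <1@example.org>\nSubject: hi\n\nbody\n"
)
```

Defaulting unknown families to "do not notify" matches the post's recommendation: until the engine can tell the two cases apart, the safe setting is no notification at all.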