[Asrg] virus detectors, was where the message originated

John Levine johnl at taugh.com
Wed Jan 14 04:01:55 PST 2009


>I would be surprised if a non-malicious message would fall foul of AV
>software unless it contained some kind of executable content. It should
>not be surprising that a message with executable content runs into
>problems.

When I catch a virus and the sending IP is one for whom I have a known
contact address, I send off an autoreport with the first 50 lines of
the virus (in case they're wondering what virus it is), and the first
line of the base64 of the virus denatured with xxxx so that even if an
overenthusiastic Windows MUA were to try to run it, it wouldn't start.

Nonetheless, I have problems all the time with my reports being
rejected by poorly written virus filters.  In one case they've been
adding me to a virus sending blacklist, telling me that even though
they know I'm not sending viruses, their AV detects it so it must be
my fault.  Sheesh.

R's,
John
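The excerpt step described in the message above, as an added example; this is not the author's own script, which the post does not show. It assumes that "denatured with xxxx" means overwriting the whole first base64 line with `x`, uses simple line-based MIME handling, and the name `denatured_excerpt` and the sample message are constructed for illustration.

```python
import base64
import re

B64_CTE = re.compile(r"^content-transfer-encoding:\s*base64\s*$", re.I)
BOUNDARY = re.compile(r'boundary="?([^";\s]+)"?', re.I)

def denatured_excerpt(raw_message: str, max_lines: int = 50) -> str:
    """First max_lines lines of a message, with the first line of each
    base64 body overwritten by 'x' (assumed reading of "denatured")."""
    out, boundaries = [], set()
    in_headers, is_b64, pending = True, False, False
    for line in raw_message.splitlines()[:max_lines]:
        if in_headers:
            if line == "":                      # blank line ends headers
                in_headers, pending = False, is_b64
            else:
                is_b64 = is_b64 or bool(B64_CTE.match(line))
                m = BOUNDARY.search(line)
                if m:
                    boundaries.add("--" + m.group(1))
        elif line in boundaries:                # next MIME part begins
            in_headers, is_b64, pending = True, False, False
        elif pending and line.strip():
            # 'x' is valid base64, so the text still decodes, but the
            # leading bytes (the executable header) become garbage.
            line = "x" * len(line)
            pending = False
        out.append(line)
    return "\n".join(out)

# Constructed sample: harmless bytes that merely start with "MZ".
PAYLOAD = b"MZ" + b"constructed placeholder, not a real binary " * 3
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n--b1\n"
    "Content-Type: text/plain\n"
    "\nsee attachment\n--b1\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.encodebytes(PAYLOAD).decode()
    + "--b1--\n"
)

if __name__ == "__main__":
    print(denatured_excerpt(SAMPLE))
```
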

