[Asrg] where the message originated

Rich Kulawiec rsk at gsp.org
Wed Jan 14 05:50:57 PST 2009


On Wed, Jan 14, 2009 at 09:24:45AM +0000, David Wilson wrote:
> I would be interested to know what actual numbers for, or perhaps some
> specific instances of, FP from anti-virus.

As more and more AV packages are being (incorrectly, in my opinion)
taught how to recognize phishes, I'm seeing more and more FP rejects
of *discussions* of phishes.

Like John, I've seen rejects based on partial virus-related content -
in some cases, apparently based on string matches.

But it is axiomatic that all anti-virus (and anti-spam) systems have
nonzero FP and FN rates (with the exception of the edge cases "reject all"
and "accept all").  Given that we know we will make these mistakes,
we need to consider how we can make them visibly, so that we give
ourselves and everyone else a reasonable chance of observing and
correcting them.

---Rsk

