[Asrg] virus detectors, was where the message originated
Franck Martin
franck at avonsys.com
Wed Jan 14 10:45:06 PST 2009
I block a number of file extensions (all of which could contain a payload). I'd like to block doc attachments but they are a bt everywhere. I advice people to send as pdf (internally we usually don't do much than print/or read external documents) or to rename the extension. At least there is a not straight forward process, whihc gives an extra 5picosecond for people to think if it is a virus or not.
----- Original Message -----
From: "SM" <sm at resistor.net>
To: "Anti-Spam Research Group - IRTF" <asrg at irtf.org>
Sent: Thursday, 15 January, 2009 3:56:34 AM (GMT+1200) Auto-Detected
Subject: Re: [Asrg] virus detectors, was where the message originated
At 04:01 14-01-2009, John Levine wrote:
>When I catch a virus and the sending IP is one for whom I have a known
>contact address, I send off an autoreport with the first 50 lines of
>the virus (in case they're wondering what virus it is), and the first
[snip]
>Nonetheless, I have problems all the time with my reports being
>rejected by poorly written virus filters. In one case they've been
>adding me to a virus sending blacklist, telling me that even though
>they know I'm not sending viruses, their AV detects it so it must be
>my fault. Sheesh.
You also get that kind of reply (if detectors says so, then it must
be true) about spam.
At 01:24 14-01-2009, David Wilson wrote:
>I would be surprised if a non-malicious message would fall foul of AV
>software unless it contained some kind of executable content. It should
>not be surprising that a message with executable content runs into
>problems.
The usual document formats (PDFs, .doc, etc) are also scanned for
viruses nowadays. They can fall foul of Anti-virus software. The
report (see first paragraph above) would have helped in identifying
problems if the postmaster actually cared about mail delivery.
Regards,
-sm
_______________________________________________
Asrg mailing list
Asrg at irtf.org
http://www.irtf.org/mailman/listinfo/asrg
More information about the Asrg
mailing list