[Asrg] Meta channel, not bounces
Chris Lewis
clewis at nortel.com
Thu Jan 15 13:04:40 PST 2009
David Wilson wrote:
> On Thu, 2009-01-15 at 10:45 -0500, Rich Kulawiec wrote:
>>>> Among other things, "malicious" isn't universal. And anti-virus
>> software
>>>> does not have a 0% FP rate.)
>>> I agree it cannot be 0%, but better than 0.000001% is expected.
>> I think that's hopelessly optimistic in real-world settings. I
>> routinely
>> see a handful of FP's every month -- then again, I tend to send out
>> mail
>> talking about spam and phishes and so on, which most people don't.
>> Also see Chris's excellent explanation, which I think is roughly
>> typical of that at many large sites (it's certainly similar to the
>> large sites I've worked on).
>
> If I read Chris' message, then I believe that he is not giving evidence
> for AV false positives.
That wasn't my point. My point was directly as to the "hazard" of
550-rejecting viruses. In that, despite having 550-rejected millions of
viruses (1.3M Mydooms/day at peak), we haven't, in 11 years, heard of
_one_ virus bounced by a MTA receiving one of our 550's landing in
anyone's lap, let alone infecting anyone.
That even if somehow blaming a virus on us for a 550 is extremely
unlikely, that out of 10's of millions of real viruses being rejected,
we would have heard of at least _one_. But we haven't.
Thus, the hazards of 550'ing viruses are vastly overblown.
Furhermore, since virus-intended rules aren't FP-free, the hazard of
losing the DSN on a FP is far higher than the largely non-existent
hazard of 550-ing a virus.
More information about the Asrg
mailing list