
I actually have to disagree with you on this one

Posted Aug 21, 2003 5:40 UTC (Thu) by dlang (subscriber, #313)
Parent article: On the value of virus notifications

the problem is that anti-spam software still has a noticeable (i.e. non-zero) false positive rate and as a result if you just have it delete messages with no notification you will delete legitimate mail without anyone knowing about it.

if we could actually get postmasters to wade through the long list of messages that are marked as spam/virus infected on a regular basis we could leave the messages there and still count on them getting to their destination, but to be honest very few companies are willing to pay people for this time-consuming (and usually very low return) work so the current compromise is to alert the sender (as best as that can be determined) and let them figure out what to do.



I actually have to disagree with you on this one

Posted Aug 21, 2003 16:07 UTC (Thu) by rfunk (subscriber, #4054)

> the problem is that anti-spam software still has a noticeable (i.e. non-zero) false positive rate and as a result if you just have it delete messages with no notification you will delete legitimate mail without anyone knowing about it.

Yes, so the AV software should send a message to the recipient, not the sender. Preferably the recipient should get a sanitized version of the original.

BTW, so far I've managed to mitigate the notification problem with this procmail rule:

 
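# Match either known virus-notice Subject (weighted conditions), but never a reply.
:0
* 1^1 ^Subject:\/.*virus found and action taken
* 1^1 ^Subject:\/ ALERT *- *GroupShield
* ! ^Subject: Re:
{
        LOG="Dropping virus notice: $MATCH
"
        # Unsetting HOST ends processing of this rcfile without delivering the message.
        HOST
}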

Wiki for collecting virus bounce rules for SpamAssassin

Posted Aug 21, 2003 16:21 UTC (Thu) by colink (guest, #274)

http://www.exit0.us/index.php/VirusBounceRules

spam or virus

Posted Aug 21, 2003 19:07 UTC (Thu) by Ross (subscriber, #4065)

We're talking about virus notifications. I know these sometimes have
false positives (I believe gzip'ed files are often mistaken as infected
Windows executables), in cases like this, they can be identified with
100% accuracy. I don't think a notification is appropriate when the
message is known to be generated by a mail worm which forges email
headers.
