I have already put forth the suggestion that we flag the viruses where the From field can't be trusted and code the program to not send such a message when one such is found. We won't happen any time soon, however. :-(

My other point is that the admins could turn the whole mechanism off too.

Jimmy

-----Original Message-----
From: Seth Arnold [mailto:sarnold@private]
Sent: Wednesday, August 20, 2003 3:54 PM
To: 'crime@private '
Subject: Re: CRIME SOBIG ADVISORY

On Wed, Aug 20, 2003 at 02:48:11PM -0700, Kuo, Jimmy wrote:
> Are you referring to the situation where you get the Undeliverable message
> because your name got forged in the From field, or about warnings issued by
> AV companies on all the viruses, or both?

Jimmy, if you are in a position of sufficient influence, please, for the love of god please, get those silly "your message was <foo>" out of the virus scanners. :)

The From_ line can't be trusted. The From: line can't be trusted. Both are forged these days.

What I advocate for instead is the MTA returning a diagnostic before accepting the message for delivery -- that way, guilty people with olde fashionede virusese will still get the helpful notice they are infected, and innocent people [who incidentally don't run outlook] don't get notified that a From_ or From: was forged.

While I'm dreaming, I'd also like to see my gpg signatures let through. :) [Yes, bugtraq posts with gpg signatures kinda suck; 20+ "i'm on vacation" messages, 10+ "we've got a virus!!" messages...]

</rant>

-- 
"Now there are some who would like to re-write history --- `revisionist histororians' is what I like to call them." -- Pres. Bush on forged intelligence in the state of the union address
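The two notification designs discussed in this thread, as an added Python sketch that is not part of either message and not any scanner's or MTA's real code. The class, function names, addresses, IPs and the reply text are constructed for illustration; the scanner verdict is passed in as a flag.

```python
from dataclasses import dataclass

@dataclass
class Session:
    client_ip: str      # host actually connected to the MTA
    envelope_from: str  # MAIL FROM, later the From_ line (forgeable)
    header_from: str    # From: header inside the message (forgeable)
    infected: bool      # scanner verdict, supplied directly in this sketch

def accept_then_notify(s: Session):
    """Scanner runs after the MTA accepted the mail and warns the claimed sender."""
    reply = "250 OK"
    if not s.infected:
        return reply, set()
    # The connection is gone; only the forgeable addresses are left to notify.
    return reply, {s.envelope_from, s.header_from}

def reject_in_session(s: Session):
    """Scanner verdict is returned as the SMTP reply to the end of DATA."""
    if not s.infected:
        return "250 OK", set()
    # No new mail is generated; only the connecting client sees this reply.
    return "550 5.7.1 message refused: virus detected", set()

def misdirected(notified, s: Session, owners):
    """Warned addresses that do not belong to the host that sent the message."""
    return {a for a in notified if owners.get(a) != s.client_ip}

# Constructed sample data: which host really sends mail for each address.
OWNERS = {"alice@example.org": "198.51.100.7", "bob@example.net": "203.0.113.9"}
# Infected host 192.0.2.66 forges both sender fields.
FORGED = Session("192.0.2.66", "alice@example.org", "bob@example.net", True)
# Old-style virus: infected host sends under its own address.
HONEST = Session("198.51.100.7", "alice@example.org", "alice@example.org", True)

if __name__ == "__main__":
    for policy in (accept_then_notify, reject_in_session):
        for name, s in (("forged", FORGED), ("honest", HONEST)):
            reply, notified = policy(s)
            print(policy.__name__, name, "|", reply, "| wrongly warned:",
                  sorted(misdirected(notified, s, OWNERS)))
```

With the forged session, the accept-then-notify design warns two uninvolved addresses, while the in-session rejection generates no mail at all and the diagnostic reaches only the connecting host.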
This archive was generated by hypermail 2b30 : Thu Aug 21 2003 - 16:51:46 PDT