Elias wrote:

> I am getting very frustrated by how badly designed are some antivirus
> products. Every time someone posts something to the list that even
> mentions VBS, some viruses, or other innocuous text strings I get flooded
> by warning messages from these useless products.
>
> Particularly bad are the Sybari Software's Antigen for Exchange and
> Symantec's Norton AntiVirus for Microsoft Exchange.

It is not just false positives from the scanner part of these
products (perhaps "not even"), but the way they are configured and
set up.  It seems many admins read a news story about a mass-mailing
virus that is said to use an attachment with a filename of, say:

   i l o v e y o u . t x t . v b s

or

   N a k e d W i f e . e x e

and as an interim measure to protect themselves before their gateway
virus scanner is updated to detect said virus, add a rule to
their content filter to reject messages containing the filename
string.  Aside from being brain-dead in and of itself (this approach
is guaranteed to block timely Email information from lists such as
this, Focus-Virus and others) these "interim" solutions tend to be
forgotten two minutes after they are implemented, forcing people with
a significant message to get across to the ignorant admins to take
extraordinary steps, such as I had to above.

> Not only do they do a sloppy job at detecting viruses which results
> in many false positives, but instead of sending their warnings to
> the mail's envelope from address they send it to the mail's from, to,
> and cc headers.

This does not surprise me.  It seems that few companies test their
Email gateway virus scanners for RFC standards compliance.

> From now on I will be treating these messages like out-of-office messages
> and summarily deleting the addresses that generate them.

Excellent decision!

(BTW, for those not on SF's Focus-Virus list, we had a rather
"animated" discussion of these issues a couple of weeks back.)


Regards,

Nick FitzGerald
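
An added illustration, not part of the original message: it contrasts the interim string-match rule described above with a rule that inspects MIME attachment filenames, and a warning sent to header addresses with one sent to the envelope sender. The sample messages, addresses and function names are constructed for the example.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

BLOCKED = {"nakedwife.exe"}  # filename mentioned in the post, lower-cased

def build(body, attachment=None):
    """Build a constructed sample message; addresses are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "poster@example.org", "list@example.net"
    m["Subject"] = "New mass-mailer in the wild"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

DISCUSSION = build("The worm arrives as an attachment named NakedWife.exe.")
WITH_ATTACHMENT = build("See attached.", attachment="NakedWife.exe")

def naive_filter(raw):
    """The interim rule: reject if the string occurs anywhere in the message."""
    return any(name in raw.lower() for name in BLOCKED)

def attachment_filter(raw):
    """Reject only if a MIME part really carries a blocked filename."""
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and name.lower() in BLOCKED:
            return True
    return False

def header_addresses(raw):
    """Who gets warned when a scanner replies to From/To/Cc headers."""
    msg = message_from_string(raw)
    fields = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _, addr in getaddresses(fields)]

def envelope_target(envelope_from):
    """Warn only the SMTP envelope sender (MAIL FROM), if there is one."""
    return [envelope_from] if envelope_from else []

if __name__ == "__main__":
    for label, raw in (("discussion", DISCUSSION), ("attachment", WITH_ATTACHMENT)):
        print(label, "naive:", naive_filter(raw), "mime:", attachment_filter(raw))
    print("header warnings go to:", header_addresses(DISCUSSION))
    print("envelope warning goes to:", envelope_target("list-bounces@example.net"))
```

The list post that merely names the file trips the string rule but not the attachment rule, and a warning built from its headers lands on both the poster and the list address.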
