On Nov 15, 2004, at 10:40 AM, Dennis Skinner wrote:
Julian Mehnle wrote:Besides, if mail servers started
using SPF (or similar authentication techniques) to verify envelope sender
addresses, whoever publishes SPF records for his domains would be
Not to start another flame war, but I find it interesting that you take such a hard-nosed approach to what is and is not technically a virus, but are willing to use something that is considered by some hard-nosed types to be a bastardization of the SMTP and DNS protocols.
I didn't think this was becoming a flamewar...anyone else?....I thought this might be an interesting discussion.
It is not a hard nosed approach to protocols or what is or isn't a virus, it's (to me) the possibility that taking on spam with signatures is losing focus of the objective to Clam. When projects lose focus, the quality degrades, and there's greater chance of bugs being introduced.
I think (julian's?) original problem was that he didn't see why a virus scanner should shoulder the responsibility for every message that goes out saying "Hey, click here for k3wl new deals on Mort Gage rat3s! Yoove been approved!", when it's not a virus, it's something that is enticing people who should know better to click on it for free crap and more spam.
The "bastardization" of protocols is a response to the fact that administrators are quickly getting overwhelmed...people want a "free internet" but none of the unhappy stuff that comes with it, and administrators are getting saddled with the complaints. It's wearing people down. As patience grows thinner and complaints increase to a dull roar, the only "solution" would ultimately be whitelisting all mail servers that are "certified known good" and if you're not on that list, well, sorry buddy.
People recoil at that and are shocked...that would stifle the Internet and my access!! Well...that's where the compromise of "bastardized" protocols is being explored. So much time and resources are being poured into maintaining systems with so many people on them that the burden of fighting spam, viruses, spiruses, and now users that apparently lack enough sense not to respond to the low MoRtg Age rate mails and pleas to save Abu Demar's ailing sister with the promise of several million dollars to an offshore account that administrators are going to have to do SOMETHING radical before the signal to noise ratio on the Internet makes it, in the end, utterly useless to everyone and it all burns down into a useless pile of digital slag.
Oh,..and ClamAV and the Clam team have done a wonderful job so far with the antivirus thing. Please keep up the good work on that. But I'd still beg people favoring the idea of the spam fighting integration to instead volunteer to help the teams behind Spamassassin or other OSS spam filtering software efforts...they've been trying for quite some time more than the Clam team has, and that is precisely what their focus always has been. Otherwise, maybe consider a fork of code for ClamAV and another for ClamSpam or something like that, to show that this idea *could* be done without hurting the quality of the antivirus scanner or getting too many false positives or killing performance. I just see too much overlap between functionality between what people are proposing and what is already heavily used out there, and I'm sure the current anti-spam project teams would welcome volunteers who may have ideas on how to improve their programs in the war on idiots...er,...spammers.
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
