sobig and MS headers
Antony Stone
Antony at SOFT-SOLUTIONS.CO.UK
Tue Aug 19 17:03:07 IST 2003
On Tuesday 19 August 2003 4:08 pm, Peter Peters wrote:
> On Tue, 19 Aug 2003 10:49:31 -0400, you wrote:
> >Actually, I don't think you have to worry. I'm pretty sure MS doesn't
> >care what the headers say, as far as scanning goes. I seem to have been
> >mistaken about that. I'm sure someone will point that out soon enough.
>
> But in organizations using the default header and adding a new header, users
> could filter on the wrong header.
People should be filtering on headers pessimistically.
In other words they should be looking for a header saying "Found to be
infected" and putting the mail in the nasty folder; only if there isn't one
of these headers should they process mail into nice folders.
It's not a good idea to look for "Found to be clean" and put it into the nice
folders without checking to see if the headers say anything else as well.
It's a bit like using two (or more) virus scanners - if one tells you there's
a virus, and the other tells you there isn't, what should you assume about
the file? I say you should assume it's infected, not assume it's clean.
Antony.
--
If builders built buildings the way programmers write programs,
then the first woodpecker that came along would destroy civilisation.
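
The pessimistic rule discussed in this message, next to the optimistic one it warns against, as an added example that is not part of the original post or of MailScanner itself. The header names (`X-MailScanner`, `X-<org>-MailScanner`), the folder names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: verdict headers are named X-MailScanner or X-<org>-MailScanner.
# The two verdict strings are the ones quoted in the message above.
SCANNER_HEADER = re.compile(r"^X-(?:[\w.-]+-)?MailScanner$", re.IGNORECASE)
INFECTED = "found to be infected"
CLEAN = "found to be clean"

def scanner_verdicts(raw):
    """Return the value of every scanner header, duplicates included."""
    msg = message_from_string(raw)
    # items() keeps repeated headers; split/join unfolds continuation lines.
    return [" ".join(value.split()).lower()
            for name, value in msg.items() if SCANNER_HEADER.match(name)]

def optimistic_folder(raw):
    """Fragile rule: one 'clean' header is enough to trust the mail."""
    return "nice" if any(CLEAN in v for v in scanner_verdicts(raw)) else "nasty"

def pessimistic_folder(raw):
    """Rule from the message: any 'infected' header wins over everything else."""
    return "nasty" if any(INFECTED in v for v in scanner_verdicts(raw)) else "nice"

# Constructed sample: two scanners disagree about the same message.
DISAGREE = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: constructed test message\n"
    "X-MailScanner: Found to be clean\n"
    "X-Example-MailScanner: Found to\n"
    " be infected\n"
    "\n"
    "body\n"
)
CLEAN_ONLY = DISAGREE.replace("X-Example-MailScanner: Found to\n be infected\n", "")

if __name__ == "__main__":
    for label, raw in (("disagree", DISAGREE), ("clean only", CLEAN_ONLY)):
        print(label, optimistic_folder(raw), pessimistic_folder(raw))
```

On the disagreeing sample the optimistic rule files the mail as nice because it stops at the first "clean" header, while the pessimistic rule reads every scanner header and files it as nasty.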