rant about anti-virus and spam, MS flamed

Kevin Miller Kevin_Miller at CI.JUNEAU.AK.US
Tue Feb 3 18:19:14 GMT 2004

>By my reckoning there are just over a dozen families of viruses that
>fake the sender address. I don't see managing a list of that size to be
>an issue. I would like to do my bit to reduce the quantity of malware
>out there where I can.

Since it's (inter)national beat a dead horse day, <g>, what I'd like to see
is for the AV companies to add a flag to their definitions as to whether
it's a spooffer or not.  Could be as little as a single bit turned on or off
in their pattern file database.  Not knowing the structure of the database,
it may be possible to set it w/o even adding any new fields in some cases.
Of course, they would have to reconfigure the scan engine to return true or
false and things like MS would have to have a snippet of code added to check
it, but as viruses get more sophisticated, maybe it's time for virus
scanners/responders to get more sophisticated too.

Sadly, the onus has to be on the AV companies at this point and I'm not
holding my breath that they're ever gonna read my humble suggestion.  But I
dunno - maybe someone from that universe does follow this list.  Guess I
better patent the idea quick!

Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Administrator, Mail
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

More information about the MailScanner mailing list