rant about anti-virus and spam, MS flamed

Matt Kettler mkettler at EVI-INC.COM
Thu Jan 29 00:06:35 GMT 2004


At 06:43 PM 1/28/2004, you wrote:
>Not all viruses automatically email themselves. That's the point to my
>answer. He wanted an example and I gave one. :)

Fair enough.. I guess I live in a hole, since I've not seen a copy of a
file-infector virus that doesn't also do mass emailing running around in
the wild in several years. Sure they were all the rage in 1996 and I've
seen plenty of them, but it's been a while.

Mass-mailing email worms with forged From's are the _only_ viruses I've
seen, or heard of anyone encountering, in the past 2 years. Some of them do
file infections and travel over file-sharing tools and/or LAN shares as
well, but since they also mass-mail they can't be counted for this.

I've also seen some trojans floating about, but those aren't file
infectors and there's no reason to reply to the sender.. the originator of
a trojan knows they did it, and is usually sent attached to some kind of
"free porn" spam with forged headers.

However, looking on the AV websites, such file-only infectors of recent
design do exist, albeit not very widespread:

i.e:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.pokibat.html

So I guess the crux of the problem is, how can MailScanner be made to get
reliable information from the AV scanner as to whether or not a virus
mass-mails. If you can do that, the reply-to-sender might become useful again.

Otherwise, you're in a situation where you need to keep it off, or keep
manually updating a list of "silent viruses" before too much damage can be
done.


