"Willson, Jim" wrote:
>
> Yes, but what if the external recipient does not know they have a virus and
> the message from Antigen is the first to tell them? I certainly understand
> that minimizing network traffic is a desired result, but wouldn't end users
> like to know that they have a virus?
>
> [...]
End users should know enough not to click on attachments, and should be
running anti-virus software besides, but that's not even the point here;
nor is anything having to do with network traffic (though that's a side
effect, not mentioned before, which might also be considered).
In what way does receiving messages (potentially large numbers of
messages) from other recipients' systems saying "I've stripped off a
virus" or "I've stripped off a *.bat file without even checking if it
had a virus just because *.bat files are inherently bad" tell an end
user that he/she has a virus? In fact, the messages are saying that
he/she does NOT have a virus, even though the stripping only applied
to some other user's system. I concede that getting a dozen or more
Antigen messages from other systems would certainly get the point
across to a user that somewhere in his mailing list mail there is a
message with something in it which Antigen disapproves of, but the
Antigen messages, in my experience, rarely specify where they are
coming from (unless the user is savvy enough to switch to full-
header mode in his/her mail browser) and what exact message they
were complaining about, which only adds to end-user confusion.
In fact, in the case which began the thread, one of the Antigen
messages altered its own return address to appear to come from the
users' local E-mail system, instead of the system on which it was
really installed, thus further implying that the user's own E-mail
system had taken care of the problem (which it had not, as Antigen
is not installed on it). This does not just cause end-user confusion,
but also generates end-user misinformation as well.
Note that I have no objection to an anti-virus package's sending a
notice to the single user who originally sent the offending message,
and who presumably is the one who definitely already has the virus
(if any). Then that user can, if he/she wishes, send out a message
to the mailing list warning about and apologizing for the virus.
I also do not object to sending a message to the folks on the local
system to let them know that they have received an actually-cleaned-up
copy of the E-mail message instead of the allegedly infected original.
It's sending out the "I've cleaned it" message to everyone on a list,
local or not, which makes no sense. Going further and altering a return
address to make it look like a user's own system has cleaned out a "bad"
attachment when it has done nothing of the kind not only makes no sense,
it is a potentially dangerous lie.
--
George
------------------------------------------------------------------------
George J Perkins [log in to unmask] Work: 517-432-3820
125 Physics-Astronomy Bldg, MSU Home: 517-332-2746 FAX: 517-353-4500
East Lansing, MI 48824-1116 http://www.pa.msu.edu/people/perkins/
