"Willson, Jim" wrote: > > Yes, but what if the external recipient does not know they have a virus and > the message from Antigen is the first to tell them? I certainly understand > that minimizing network traffic is a desired result, but wouldn't end users > like to know that they have a virus? > > [...] End users should know enough not to click on attachments, and should be running anti-virus software besides, but that's not even the point here; nor is anything having to do with network traffic (though that's a side effect, not mentioned before, which might also be considered). In what way does receiving messages (potentially large numbers of messages) from other recipients' systems saying "I've stripped off a virus" or "I've stripped off a *.bat file without even checking if it had a virus just because *.bat files are inherently bad" tell an end user that he/she has a virus? In fact, the messages are saying that he/she does NOT have a virus, even though the stripping only applied to some other user's system. I concede that getting a dozen or more Antigen messages from other systems would certainly get the point across to a user that somewhere in his mailing list mail there is a message with something in it which Antigen disapproves of, but the Antigen messages, in my experience, rarely specify where they are coming from (unless the user is savvy enough to switch to full- header mode in his/her mail browser) and what exact message they were complaining about, which only adds to end-user confusion. In fact, in the case which began the thread, one of the Antigen messages altered its own return address to appear to come from the users' local E-mail system, instead of the system on which it was really installed, thus further implying that the user's own E-mail system had taken care of the problem (which it had not, as Antigen is not installed on it). This does not just cause end-user confusion, but also generates end-user misinformation as well. Note that I have no objection to an anti-virus package's sending a notice to the single user who originally sent the offending message, and who presumably is the one who definitely already has the virus (if any). Then that user can, if he/she wishes, send out a message to the mailing list warning about and apologizing for the virus. I also do not object to sending a message to the folks on the local system to let them know that they have received an actually-cleaned-up copy of the E-mail message instead of the allegedly infected original. It's sending out the "I've cleaned it" message to everyone on a list, local or not, which makes no sense. Going further and altering a return address to make it look like a user's own system has cleaned out a "bad" attachment when it has done nothing of the kind not only makes no sense, it is a potentially dangerous lie. -- George ------------------------------------------------------------------------ George J Perkins [log in to unmask] Work: 517-432-3820 125 Physics-Astronomy Bldg, MSU Home: 517-332-2746 FAX: 517-353-4500 East Lansing, MI 48824-1116 http://www.pa.msu.edu/people/perkins/