A new email anti-virus low

[prev] [thread] [next] [lurker] [Date index for 2005/04/12]

From: Michael G Schwern
Subject: A new email anti-virus low
Date: 10:31 on 12 Apr 2005
  The attached message sent to you did not meet the Bosch security policy.

  Sender: epgbc@xxxxxxxx.xxx.xxxxxxxxx.xx
  Recipients: schwern@xxxxx.xxx
  Subject: "hello"
  Time: Tue Apr 12 08:41:39 2005
  File: body.scr

  The original, cleaned message has been attached to this notification.

I didn't sent the email.  It doesn't even LOOK LIKE I sent the email!  So
why is your anti-virus software telling me YOU sent me a virus?  What can
I do about it?

Compounding this genius, after it had stripped off the virus it let the
mangled result through.  Not only is this unwise as false positives could
make you look like an idiot ("Joe, why did you try to send me a virus?"
"It was a zip of our latest brochure, I swear!"), the negatives aren't likely
to contain a whole lot of useful data!   As a matter of fact, it stripped
every bit of content off the email but the subject line.  At this point
you'd think some rule would kick in "If no content left don't bother sending
it!"

What in the hell were the designers thinking?  This is Trend Micro, they've
been doing this stuff for years!  The software starts at $800 and goes
up to $43K for 2500 users!  FOR A FREAKIN EMAIL VIRUS SCANNER?!  What do they
do with all that money?  Not hire decent programmers, apparently.

Hating while training SpamAssassin for this new flood.

Generated at 02:00 on 13 Apr 2005 by mariachi 0.52