Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Anti-virus spamware

jamie (78724) writes | more than 10 years ago

Spam 5

Every anti-virus software manufacturer knows that viruses fake their From addresses. This has been true for years.

So any anti-virus software that detects a virus, and then bounces a reply back to the alleged "sender," with a warning about how their product stopped the virus, serves no purpose except to advertise their product.

Such emails are (1) unsolicited and (2) commercial, and are therefore spam.

Every anti-virus software manufacturer knows that viruses fake their From addresses. This has been true for years.

So any anti-virus software that detects a virus, and then bounces a reply back to the alleged "sender," with a warning about how their product stopped the virus, serves no purpose except to advertise their product.

Such emails are (1) unsolicited and (2) commercial, and are therefore spam.

Example of spam I received from a Sophos product:

Dear Sender,

The Hays Personnel Services Internet Gateway has detected a virus in an email message that you sent. The email has been quarantined and has not been delivered to its intended recipient(s) .

Please scan and clean all your files and attachments to ensure they are free of viruses and then re-send your message.

For your reference, the details of the message you sent are:
Subject: hello
Date: Thu, 12 Feb 2004 11:20:25 +0800
Recipients:
[redacted]

The Virus Detected: Scenarios/Incoming/Incoming Sophos Virus Scan: A virus has been detected: 'W32/MyDoom-A'.

[...]

A number of current viruses spoof the senders email address. If this email has been sent to you in error please accept our apologies.

For further information on the virus specified above, please refer to http://www.sophos.com/ virusinfo/

Whoever wrote that software either knew or should have known that MyDoom spoofs the From line. Therefore, the only reason for sending that mail to me was to say "look how great Sophos is at protecting this company from viruses -- maybe it can protect your company too!" Ironically, that company offers anti-spam solutions as well!

I offer a warning to any company thinking about installing an anti-virus email filter -- if you pick a product that responds to viruses by sending spam, your company's mail server may well be blocked by other mail servers around the world. It's not fair, but that's the way the world works now.

To anyone who writes a review of anti-virus email software: warn your readers off any package which spams!

And to anti-virus companies who engage in this sleazy scam: screw you.

cancel ×

5 comments

Sorry! There are no comments related to the filter you selected.

"scam" is excessive (2, Interesting)

extra88 (1003) | more than 10 years ago | (#8409618)

I think you're over-empasizing the amount of intent here. These programs have long had an auto-reply warning option, long before From: spoofing became a common practice. These auto-replies have been a binary option, you either send the warnings for all infected messages or you don't send any. For viruses not known for their use of From: spoofing, these warnings still serve a pupose beyond the advertising angle.

You (and many others, I've seen the topic on NTBugTraq, for instance) expect the companies to add code to their project so that IF "virus found" is NOT on list of "From spoofers" THEN "send warning auto-reply" ELSE "do nothing." I think this is a reasonable feature request and one which a company could tout when comparing itself to its competitors.

I don't think leaving the auto-reply code unchanged amounts to a scam. I don't think all the companies need to release a free patch adding such code (after all, those running the antivirus software can always turn off the auto-replies). I think it's a feature to look for in the next version of any product. I think the situation calls for an awareness campaign to encourage those running these products to turn off the auto-replies and to encourage the companies to add the feature in their next version. I don't think calling the the companies spammers, just about the dirtiest thing you could call them, is productive.

Re:"scam" is excessive (1)

jamie (78724) | more than 10 years ago | (#8409792)

I think this is a reasonable feature request and one which a company could tout when comparing itself to its competitors.

Sure, if you think "doesn't spam" is a feature.

When writing email software, the default assumption should be that incoming data from a virus is bogus. Sure, that assumption can be reversed for particular, carefully-analyzed viruses. But will anyone seriously argue that data known to come from a virus should be considered trustworthy by default?

I think it's a feature to look for in the next version of any product.

I think last year, or the year before, it was a feature to look for in the next version. It's 2004.

Re:"scam" is excessive (1)

Elwood P Dowd (16933) | more than 10 years ago | (#8415551)

I don't think leaving the auto-reply code unchanged amounts to a scam.

No, but it amounts to spam. I'd say my opinion on the matter varies depending on how much they try to sell you their product in the bounce messages. Sophos is really really bad, while others are not quite so bad. Sophos is way spam (imho), and some of them are not.

Dupe :) (1)

GeorgeH (5469) | more than 10 years ago | (#8411971)

There's actually a disucssion of this attached to Anti-Virus Companies: Tenacious Spammers [slashdot.org] with some good comments on the subject.

I think this is the first repeat I've seen in an editor's journal :)

Re:Dupe :) (1)

jamie (78724) | more than 10 years ago | (#8412914)

Ha! Right you are. I just wrote this up because I noticed this in my inbox today, and was annoyed. I suck.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>