jamie's Journal: Anti-virus spamware
So any anti-virus software that detects a virus, and then bounces a reply back to the alleged "sender," with a warning about how their product stopped the virus, serves no purpose except to advertise their product.
Such emails are (1) unsolicited and (2) commercial, and are therefore spam.
Example of spam I received from a Sophos product:
Dear Sender,
The Hays Personnel Services Internet Gateway has detected a virus in an email message that you sent. The email has been quarantined and has not been delivered to its intended recipient(s).
Please scan and clean all your files and attachments to ensure they are free of viruses and then re-send your message.
For your reference, the details of the message you sent are:
Subject: hello
Date: Thu, 12 Feb 2004 11:20:25 +0800
Recipients:
[redacted]
The Virus Detected: Scenarios/Incoming/Incoming Sophos Virus Scan: A virus has been detected: 'W32/MyDoom-A'.
[...]
A number of current viruses spoof the senders email address. If this email has been sent to you in error please accept our apologies.
For further information on the virus specified above, please refer to http://www.sophos.com/virusinfo/
Whoever wrote that software either knew or should have known that MyDoom spoofs the From line. Therefore, the only reason for sending that mail to me was to say "look how great Sophos is at protecting this company from viruses -- maybe it can protect your company too!" Ironically, that company offers anti-spam solutions as well!
I offer a warning to any company thinking about installing an anti-virus email filter -- if you pick a product that responds to viruses by sending spam, your company's mail server may well be blocked by other mail servers around the world. It's not fair, but that's the way the world works now.
To anyone who writes a review of anti-virus email software: warn your readers off any package which spams!
And to anti-virus companies who engage in this sleazy scam: screw you.
"scam" is excessive (Score:3, Interesting)
You (and many others, I've seen the topic on NTBugTraq, for instance) expect the companies to add code to their project so that IF "virus found" is NOT on list of "From spoofers" THEN "send warning auto-reply" ELSE "do nothing." I think this is a reasonable feature request and one which a company could tout when comparing itself to its competitors.
I don't think leaving the auto-reply code unchanged amounts to a scam. I don't think all the companies need to release a free patch adding such code (after all, those running the antivirus software can always turn off the auto-replies). I think it's a feature to look for in the next version of any product. I think the situation calls for an awareness campaign to encourage those running these products to turn off the auto-replies and to encourage the companies to add the feature in their next version. I don't think calling the companies spammers, just about the dirtiest thing you could call them, is productive.
Re:"scam" is excessive (Score:2)
Sure, if you think "doesn't spam" is a feature.
When writing email software, the default assumption should be that incoming data from a virus is bogus. Sure, that assumption can be reversed for particular, carefully-analyzed viruses. But will anyone seriously argue that data known to come from a virus should be considered trustworthy by default?
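The notification policy debated in the two comments above, written as a default-deny check: an added example, not part of the thread and not any vendor's code. The function name, the allowlist entry and the addresses are constructed for illustration; the Auto-Submitted check follows RFC 3834.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allowlist: detections that were analysed and confirmed NOT to
# forge the sender. Anything absent from it is treated as spoofing (default deny).
NON_SPOOFING_DETECTIONS = frozenset({"Constructed/NoSpoof-Example"})


def should_notify_sender(raw_message, envelope_from, detection):
    """Return (send, reason) for a 'virus found' notice to the apparent sender."""
    msg = message_from_string(raw_message)
    # 1. Sender data in a message flagged as malware is untrusted by default.
    if detection not in NON_SPOOFING_DETECTIONS:
        return False, "detection not on reviewed non-spoofing list"
    # 2. A null envelope sender marks a bounce; never reply to it.
    sender = (envelope_from or "").strip().strip("<>").lower()
    if not sender:
        return False, "null envelope sender"
    # 3. RFC 3834: do not answer mail that is itself automatic.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "Auto-Submitted: " + auto
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "list", "junk"}:
        return False, "bulk or list mail"
    # 4. Conservative heuristic: header From must agree with the envelope sender.
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    if header_from != sender:
        return False, "header From differs from envelope sender"
    return True, "ok"


# Constructed sample messages (not real traffic).
FORGED = (
    "From: Someone Else <bystander@example.org>\n"
    "Subject: hello\n\n"
    "attachment removed\n"
)
GENUINE = (
    "From: Alice <alice@example.org>\n"
    "Subject: quarterly report\n\n"
    "see attached\n"
)

if __name__ == "__main__":
    print(should_notify_sender(FORGED, "bystander@example.org", "W32/MyDoom-A"))
    print(should_notify_sender(GENUINE, "alice@example.org", "Constructed/NoSpoof-Example"))
```

With the allowlist left empty, the function never sends a notice, which matches turning the auto-replies off.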
Re:"scam" is excessive (Score:2)
No, but it amounts to spam. I'd say my opinion on the matter varies depending on how much they try to sell you their product in the bounce messages. Sophos is really really bad, while others are not quite so bad. Sophos is way spam (imho), and some of them are not.
Dupe :) (Score:2)
I think this is the first repeat I've seen in an editor's journal
Re:Dupe :) (Score:2)