Under Fire. A Modest Proposal for Email Anti-Virus.

Taking heavy fire from the NetSky.P and NetSky.Q virii, casualties are heavy. Trying to train Thunderchicken to filter it out but not having much luck. Hand-written Mail Rule doing most of the heavy lifting.

Email Anti-Virus providers, can we please seriously reconsider how we deal with email-borne virii? A few years ago, it was cool to just take out the virus attachment and send on the message. This was in the days before self-replicating virii, when all most of them did was attach themselves to normal outgoing mail.

This doesn’t work any more. The pencil-dick, never-kissed-a-girl, daddy-doesn’t-love-me, living-in-mommy’s-basement crowd of wanna-be l337 h4x0r5 who create and release virii have gotten smarter (relatively speaking) and the virii replicate themselves through Lookout and Lookout Express by reading address books and picking random “To” and “From” addresses. So, whenever there’s a massive virus outbreak, we get hundreds or thousands of emails which were never actually sent to us, with attached text files telling us the virus has been cleaned from the message. Not to mention bounce-backs for emails we never sent to non-existent addresses, and messages from various anti-virus programs warning us that the message we never sent has a virus, and we really should scan our system. Thanks, that’s really helpful.

Look, how hard would it be to just delete everything that has a virus? No bouncebacks, no warning messages, no disinfected emails; just /dev/null the sucker and pretend it never happened. Most emails that contain a virus payload are created by the virus itself and are not legitimate emails, so all disinfecting and sending the message on does is create spam. A warning message won’t do any good either, because the “From” header of a virus email is seldom where it actually comes from, so all the warning message will do is needlessly worry people who don’t actually have a virus.

Of course, we could avoid the worst of the virus problem if people would just wise up and stop using Lookout and Lookout Express. As for the virus writers themselves, castration is a good start…

Leave a Reply

Your email address will not be published. Required fields are marked *