[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Matthew.van.Eerde at hbinc.com
Thu Jun 30 12:30:04 EDT 2005


Chris Gauch wrote:
> WBrown at e1b.org wrote:
> 
> This basically goes back to what David Skoll was saying about false
> positives on mail gateway AV virus scanners -- if the gateway AV
> scanner says it's a virus, chances are near 0% that the message was
> falsely classified.

I hate to disagree with David on his own list...

But it's all about risk and reward, isn't it?

Sure, chances are near 0%.  But the chance is still there.  Check the ClamAV list for some recent false positive reports, for example.  (Not picking on ClamAV - every AV scanner has this problem.)

If a real virus is missed, you might get infected.  Unless you have redundant protection levels, which most of us do nowadays.  If we're careful, that is.

If a real file is misread as a virus, you have dropped user mail.  The consequences of this depend on the nature of your relationship with the people that use your mail server.

> We have told our clients time and time again that the lack of an AV
> scanner on their mail server gives them a big "KICK ME!" sign with a
> bullseye on it, but the answer we always receive is "we don't want to
> spend the $, and especially time on implementing/installing/deploying
> an AV scanner", and they won't even consider open-source solutions
> because they lack the technical wherewithal to configure and maintain
> it, and don't want to pay for someone else to set it up for them, so
> that puts us in a difficult situation. 

If people want to get infected, let them.  As long as they back up their data... and they don't particularly care about information leaks... what's the harm?  It's their decision, not yours.  All you can do is inform them of possible consequences of their decisions.

The Titanic didn't have enough lifeboats... this was White Star's call...

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"



