
jamie's Journal: Anti-virus spamware

Every anti-virus software manufacturer knows that viruses fake their From addresses. This has been true for years.

So any anti-virus software that detects a virus, and then bounces a reply back to the alleged "sender," with a warning about how their product stopped the virus, serves no purpose except to advertise their product.

Such emails are (1) unsolicited and (2) commercial, and are therefore spam.

Example of spam I received from a Sophos product:

Dear Sender,

The Hays Personnel Services Internet Gateway has detected a virus in an email message that you sent. The email has been quarantined and has not been delivered to its intended recipient(s).

Please scan and clean all your files and attachments to ensure they are free of viruses and then re-send your message.

For your reference, the details of the message you sent are:
Subject: hello
Date: Thu, 12 Feb 2004 11:20:25 +0800

The Virus Detected: Scenarios/Incoming/Incoming Sophos Virus Scan: A virus has been detected: 'W32/MyDoom-A'.


A number of current viruses spoof the senders email address. If this email has been sent to you in error please accept our apologies.

For further information on the virus specified above, please refer to virusinfo/

Whoever wrote that software either knew or should have known that MyDoom spoofs the From line. Therefore, the only reason for sending that mail to me was to say "look how great Sophos is at protecting this company from viruses -- maybe it can protect your company too!" Ironically, that company offers anti-spam solutions as well!

I offer a warning to any company thinking about installing an anti-virus email filter -- if you pick a product that responds to viruses by sending spam, your company's mail server may well be blocked by other mail servers around the world. It's not fair, but that's the way the world works now.

To anyone who writes a review of anti-virus email software: warn your readers off any package which spams!

And to anti-virus companies who engage in this sleazy scam: screw you.

This discussion was created by jamie (78724) for no Foes and no Friends' foes, but now has been archived. No new comments can be posted.

  • "scam" is excessive (Score:3, Interesting)

    by extra88 ( 1003 ) on Friday February 27, 2004 @01:48PM (#8409618)
    I think you're over-emphasizing the amount of intent here. These programs have long had an auto-reply warning option, long before From: spoofing became a common practice. These auto-replies have been a binary option, you either send the warnings for all infected messages or you don't send any. For viruses not known for their use of From: spoofing, these warnings still serve a purpose beyond the advertising angle.

    You (and many others, I've seen the topic on NTBugTraq, for instance) expect the companies to add code to their project so that IF "virus found" is NOT on list of "From spoofers" THEN "send warning auto-reply" ELSE "do nothing." I think this is a reasonable feature request and one which a company could tout when comparing itself to its competitors.

    I don't think leaving the auto-reply code unchanged amounts to a scam. I don't think all the companies need to release a free patch adding such code (after all, those running the antivirus software can always turn off the auto-replies). I think it's a feature to look for in the next version of any product. I think the situation calls for an awareness campaign to encourage those running these products to turn off the auto-replies and to encourage the companies to add the feature in their next version. I don't think calling the companies spammers, just about the dirtiest thing you could call them, is productive.

    • I think this is a reasonable feature request and one which a company could tout when comparing itself to its competitors.

      Sure, if you think "doesn't spam" is a feature.

      When writing email software, the default assumption should be that incoming data from a virus is bogus. Sure, that assumption can be reversed for particular, carefully-analyzed viruses. But will anyone seriously argue that data known to come from a virus should be considered trustworthy by default?

      I think it's a feature to look for i

    • I don't think leaving the auto-reply code unchanged amounts to a scam.

      No, but it amounts to spam. I'd say my opinion on the matter varies depending on how much they try to sell you their product in the bounce messages. Sophos is really really bad, while others are not quite so bad. Sophos is way spam (imho), and some of them are not.
  • There's actually a discussion of this attached to Anti-Virus Companies: Tenacious Spammers with some good comments on the subject.

    I think this is the first repeat I've seen in an editor's journal :)
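
The sender-notification check debated in the thread above, as an added example that is not code from the journal, the commenters, or any anti-virus product. It goes beyond the IF/THEN sketch by starting from the default that sender data on a detected virus is untrusted, and by refusing to reply to bounces and automated mail. The function name, the `VERIFIED_NON_SPOOFING` allowlist, its placeholder entry and the sample message are assumptions made for illustration.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

# Assumption: detection names an operator has analysed and confirmed do not
# forge the sender. The entry is a made-up placeholder, not a real label.
VERIFIED_NON_SPOOFING = {"Example/NonSpoofing-A"}


@dataclass
class Decision:
    notify_sender: bool
    reason: str


def sender_notification(raw_message: str, envelope_from: str, detection: str) -> Decision:
    """Decide whether a 'you sent a virus' reply may go to the alleged sender."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    env = envelope_from.strip("<>").lower()

    if not env:
        return Decision(False, "null envelope sender; replying would bounce a bounce")
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return Decision(False, "automated message; no auto-reply (RFC 3834)")
    if detection not in VERIFIED_NON_SPOOFING:
        return Decision(False, "sender data from this detection is untrusted by default")
    if env != header_from:
        return Decision(False, "envelope sender and From: header disagree")
    return Decision(True, "detection verified as non-spoofing and addresses agree")


# Constructed sample modelled on the notice quoted in the journal entry.
SAMPLE = (
    "From: Someone <victim@example.org>\n"
    "To: staff@example.com\n"
    "Subject: hello\n"
    "Date: Thu, 12 Feb 2004 11:20:25 +0800\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for name in ("W32/MyDoom-A", "Example/NonSpoofing-A"):
        print(name, sender_notification(SAMPLE, "victim@example.org", name))
```

With this default, a detection such as 'W32/MyDoom-A' produces no message to the address in the From: line unless an operator has explicitly added that detection name to the allowlist.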
