Re: Eliminating Virus Spam

To: ietf at ietf.org
Subject: Re: Eliminating Virus Spam
From: James M Galvin <galvin at acm.org>
Date: Thu, 04 Jan 2001 09:19:06 -0500 (EST)
In-reply-to: <2425.978591494@brandenburg.cs.mu.OZ.AU>

This distinction between filtering content and virus scanning is
confusing because they are not the same thing.

To choose to filter content (restrict it to text/plain or some other
limited set) would be changing the policy of this elist.  That is more
than an operational decision and probably deserves more debate, although
not here.

To choose to scan for viruses is an operational decision.  I never said
anything about safety.  You can not do virus scanning principally for
safety reasons.  To be sure that's a contributing factor but the truth
is you're only as safe as your last virus description update.  We're all
whining about vacation and virus notices and how we want them filtered
off the elist and I just don't see how filtering for viruses in the
first place is any different.

This is about being a "good net citizen".  Sending a virus to me (the
royal "me" because like Ted T'so viruses are irrelevant to me personally
since I use a UNIX box, a safe MUA, and my email system scans for
viruses) is only going to teach me that you know how to contribute to
the abuse of the Internet.

The source of the problem is not me for letting you send me a virus.
The source of the problem is the originator who sent the message and the
IETF elist is being used like an open email relay is used by spammers.
The IETF elist is irresponsibly contributing to the waste of resources
and abuse of the Internet.  Send the problem back to the originator, not
to me.  Unsubscribing them may make you feel better but it doesn't give
you the chance to chastise them, again and again if you're lucky.

And the argument about virus scanning being platform specific is
specious.  Your vulnerability to a virus is directly proportional to how
well you protect yourself.  Software developers/suppliers contribute to
this problem but if you were protecting yourself they wouldn't be in
business.  Microsoft Windows may be the predominant OS that supports
applications that contribute to the development and distribution of
viruses, but it is the application data that is the virus not the OS.
Microsoft Word macros can be run on UNIX and text/html with javascript
runs virtually anywhere.

A virus scanner scans content, a sequence of bytes.  It can do this on
any platform, regardless of the intended destination platform of the
content.  The virus may be platform specific but that is irrelevant.

Jim

References:
- Re: Eliminating Virus Spam
  - From: Robert Elz

Prev by Date: Re: Eliminating Virus Spam
Next by Date: Re: Eliminating Virus Spam
Previous by thread: Re: Eliminating Virus Spam
Next by thread: Re: Eliminating Virus Spam
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Eliminating Virus Spam

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.