Antivirus companies muting false alarms

They were wrong, and they were annoying, so now they've been stopped.

With a new version of Symantec's SMTP (Simple Mail Transfer Protocol) e-mail security product, the antivirus company is trying to end the proliferation of false e-mail notifications, which wrongly tell people they've sent e-mail containing a virus.

These messages are a growing nuisance, even for systems uninfected by any type of virus. In fact, the infected system generally belongs to someone else; the false notifications originate on the infected computer and are sent to the people listed in that machine's address book.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Some people have been getting so frustrated at the high numbers of such e-mails that they have been dubbed "as annoying as spam," according to Greg Day, an architect at rival antivirus company Network Associates.

Concerns about system resources and storage, as well as employee productivity, played a major part in the planning of the product. The new version not only does away with the in-box-cluttering e-mail notifications but also removes malware, Symantec said.

Network Associates' Day is confident that all major antivirus companies will follow suit--including his own. He added, however, that many corporate customers "as an interim measure have already turned off user alerts."

"It's something we will do with each relevant product as soon as possible," Day said.

Will Sturgeon of Silicon.com reported from London.

[waltsjc]

Can be had for free

I have a fundimental problem with email server software that accepts viruses, and then generates a bounce AFTER the message has been accepted. This is just bad behavior exactly because of the forged sender problem.

If these AV companies would fix their poorly designed AV systems to reject virus laden messages at initial SMTP reception, ZERO false notification messages would ever be sent. Instead they decide to just not send notifications anymore.

In fact, this is exactly how the EXIM server with Exiscan patch, and CLAMAV works (all free open source products running at MAJOR sites, with tens of thousands of users each.)

[jeff_j_black]

Thanks...

Finally, now we can get back to the real bug hunt! No matter how many emails I send, or desktop visits spent explaining, 'No you don't have a virus...' and about how spoofing works, blah, blah.

I won't say it's about time, but thanks and I hope all the other vendors follow suit promptly!