bogus "McAfee GroupShield Alert"

John E. Malmberg wb8tyw at qsl.net
Mon May 8 12:21:53 GMT 2006


It is more than a false-positive. There is a serious and stupid 
configuration error in their content scanner: an option that should no 
longer even be allowed in such products because it is well known to only 
cause problems.

A content scanner should never be sending any notifications to the 
alleged sender; such notifications should only be going to the local 
security administrator of the network involved.

It has been well known in the anti-virus community for over 10 years 
that notifying the alleged From: address is always the wrong thing to do.

Any content scanner that is sending notifications to the alleged From: 
address is now being used by the virus writers to assist them in making 
a mess out of internet e-mail, because it allows them to use it as part 
of a distributed denial of service attack.

-John
wb8tyw at qsl.net
Personal Opinion Only


David Collier-Brown wrote:
>   For some reason, march-hare.com's virus filter is complaining
> when it sees email to me on the list.
>   Will the subscribers at march-hare please report this
> false positive to their McAfee administrator?
> 
> --dave
> 
> administrator at march-hare.com wrote:
> 
>> McAfee GroupShield™ Alert
>>
>> McAfee GroupShield discovered a problem with the following email. See 
>> your system administrator for further information.
>>
>> Date/Time sent: 08 May 2006 14:42:41
>> Subject line: Re: libtdb.h and libtdb.c
>> From: Andrew Bartlett
>> To: davecb at spamcop.net
>> Action taken:
>> Reason: Encrypted/Corrupted
>> Rule Group:
>>
>> Copyright © 1993-2003, Networks Associates Technology, Inc.
>> All Rights Reserved.
>> http://www.mcafeesecurity.com <http://www.mcafeesecurity.com/>
>>
> 
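
The routing rule described in the message above, as an added example that is not part of the original post or any McAfee product: the scanner alert goes only to the local security administrator, and the claimed sender headers are recorded as unverified data, never used as a destination. The addresses, the sample message and the function names are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed local settings (hypothetical values for this example).
SECURITY_ADMIN = "security-admin@example.org"
SCANNER_ADDR = "scanner@example.org"

# Constructed sample: a flagged message whose From: names an uninvolved third party.
SAMPLE = """\
Return-Path: <victim@example.net>
From: Uninvolved Victim <victim@example.net>
To: user@example.org
Subject: Re: your document
Message-ID: <constructed-1@example.net>

(body removed by scanner)
"""

def claimed_senders(msg):
    """Addresses the message claims to come from; none are authenticated."""
    fields = []
    for header in ("From", "Sender", "Reply-To", "Return-Path"):
        fields.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def build_alert(raw, reason):
    """Build the scanner alert, addressed only to the local security admin."""
    msg = message_from_string(raw)
    alert = EmailMessage()
    alert["From"] = SCANNER_ADDR
    alert["To"] = SECURITY_ADMIN
    alert["Subject"] = "Content scanner alert: " + reason
    alert["Auto-Submitted"] = "auto-generated"  # RFC 3834: marks automatic mail
    claimed = ", ".join(sorted(claimed_senders(msg)))
    alert.set_content(
        f"Reason: {reason}\n"
        f"Claimed sender(s), unverified: {claimed}\n"
        f"Intended recipient(s): {msg.get('To', '')}\n"
        f"Message-ID: {msg.get('Message-ID', '')}\n"
    )
    return alert

def alert_recipients(alert):
    """Every address the alert would be delivered to."""
    fields = alert.get_all("To", []) + alert.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields)}

if __name__ == "__main__":
    print(alert_recipients(build_alert(SAMPLE, "Encrypted/Corrupted")))
```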
