bogus "McAfee GroupShield Alert"
John E. Malmberg
wb8tyw at qsl.net
Mon May 8 12:21:53 GMT 2006
It is more than a false-positive, There is a serious and stupid
configuration error in their content scanner. An option that should no
longer even be allowed in such products because it is well known to only
A content scanner should never be sending any notifications to the
alleged sender, such notifications should only be going to the local
security administrator of the network involved.
It has been well known in the anti-virus community for over 10 years
that notifying the alleged from: address is always the wrong thing to do.
Any content scanner that is sending notifications to the alleged From:
address is now being used by the virus writers to assist them in making
a mess out of internet e-mail, because it allows them to use it as part
of a distributed denial of service attack.
wb8tyw at qsl.net
Personal Opinion Only
David Collier-Brown wrote:
> For some reason, march-hare.com's virus filter is complaining
> when it sees email to me on the list.
> Will the subscribers at march-hare please report this
> false positive to their McAfee administrator?
> administrator at march-hare.com wrote:
>> McAfee GroupShield Alert
>> McAfee GroupShield discovered a problem with the following email. See
>> your system administrator for further information.
>> Date/Time sent: 08 May 2006 14:42:41
>> Subject line: Re: libtdb.h and libtdb.c
>> From: Andrew Bartlett
>> To: davecb at spamcop.net
>> Action taken:
>> Reason: Encrypted/Corrupted
>> Rule Group:
>> Copyright © 1993-2003, Networks Associates Technology, Inc.
>> All Rights Reserved.
>> http://www.mcafeesecurity.com <http://www.mcafeesecurity.com/>
More information about the samba-technical