To Scan or Not to Scan?

That is the question—and if you do scan, do you tell your subscribers about it—or not? The ISP-Tech discussion list contemplates the merits of scanning for e-mail contagions.

[February 12,2001]

On the ISP-Tech list in January, ST asked,

"We get a fair number of viruses that are sent to our customers. How many of you scan the mail as it comes thru your mail servers?"

RB noted a significant problem with that idea:

"Consider this. You advertise that you scan for viruses; what happens if a virus gets through? You're now liable! When selling to people who have little to no idea about computers, let alone the Internet, it's best to offer an 'untouched' service."

Other suggested some possible ways to get around the problems:

[JL advised] "Should an ISP wish to give this sort of thing a shot, it's important to include in your Subscriber Agreement and anywhere else appropriate the clear statement that such services are offered on a 'best effort,' 'as is' basis. Most subscriber agreements define basic dial-up services that way. Common as they are, such caveats may or may not be legal everywhere, and they may not provide adequate protection from litigation, so consult your attorney before relying on them."

[TNA countered] "If you want to get around all the litigation, simply offer to put any email that your system identified as infected into a quarantine area. Then it is up to the customer to decide whether or not to download the file."

LC had a problem with TNA's suggestion:

"Fine, but the risk lies in offering email scanning and then having one virus get through to cause damage, with the ISP being held responsible for a defective product. And I really wouldn't want to get involved with micro-managing hundreds of quarantined messages. They should be effectively out of reach."

JR had a completely different perspective:

"We just started doing email virus scanning, and we did not and will not tell our users we're doing it. We do it to cut down on the number of 'My husband opened this Snow White thing and now my Internet does not work' calls. We've only been doing it for a few weeks now, and I do think it has helped. All the customer knows is they are getting fewer viruses (I don't think this scanning is catching everything), and we are getting less calls. Worth the cost in our book."

—End