June 23, 2008

Deposition challenges Trend Micro patent on virus scans

Author: Bruce Byfield

Goran Fransson, a Swedish developer and entrepreneur, has given a deposition in the Barracuda-Trend Micro case that appears to seriously undermine Trend Micro's patent on gateway virus scanning.

As Linux.com reported in January, Trend Micro is suing Barracuda Networks before the American International Trade Commission (ITC). Trend Micro's claim is that, by distributing Clam Antivirus (ClamAV), the free software security application, Barracuda is violating Trend Micro's patent 5623600, which was filed on 26 September, 1995, and has since been used against such companies as Symantec and McAfee. The case is being heard by the ITC apparently because of Trend Micro's claim that, because ClamAV is developed by programmers around the world, it is imported software in the United States.

Fransson was asked to testify in the case because he was the technology lead in a company called TenFour Sweden and its successors. According to Fransson, TenFour Sweden was a major competitor in Internet mail systems until about 1997, with over 13,000 clients at its height, largely in Sweden, the United Kingdom, and North America. In January 1995, TenFour released version 2.1 of TFS Gateway, its flagship product. Fransson claims to have proof that TFS Gateway 2.1 included gateway virus scanning.

As part of its defense, Barracuda took the unusual step of appealing to the free software community for help in finding prior art in the case. With the case potentially affecting not only free and open source software but also Internet security, the community responded enthusiastically.

Hearing rumors of TFS Gateway from community members, Barracuda contacted FoxT, an American company which once distributed TFS Gateway. Through FoxT, Barracuda's legal team at Wilson Sonsini Goodrich & Rosati eventually contacted Fransson at Human Brothers, his current company, which does business with FoxT.

Fransson gives three reasons for agreeing to testify. To start with, he says, "If there is anything I can do to establish the truth in the matter, I'd be happy to do so."

In addition, as a long-time expert, Fransson is concerned that the security industry is spending too much time on in-fighting and not enough time on educating people on the need for precautions or developing software that the public can easily use.

"I think it's time for the security industry to come together in common causes and stop fighting each other," he says. "That's why I'm glad to see companies like Barracuda that are trying to do something good for the Internet."

Most importantly, having had business contact with Eric Young and Tim Hudson, the original developers of OpenSSL and Eric Allman of Sendmail, Fransson is an admirer of free software.

While companies Fransson has worked with in the past have not always employed free software, Human Brothers is currently working with Zimbra, having found the licensing problems involved in supporting Microsoft Exchange next to impossible.

"I realized that this was a much bigger thing than helping one company," Fransson says. "It is a principle at stake here. The principle of open source is being threatened by one company. I haven't contributed much in the past, but I feel good about starting to contribute this way."

Fransson's testimony

After hearing from Barracuda's legal representatives, Fransson started searching his basement for old records. He says, "I found source code for the product from January of '95, an original manual, and even the packaging box and diskettes. I was able to install the product, and it actually still worked. I was able to enable virus scanning and all the things that Patent '600 is claiming that Trend Micro was doing first in September 1995."

In fact, Fransson has a memory that the previous version of the product also had virus scanning capacity. However, he is only able to document that version 2.1 of TFS Gateway had that functionality. "I found price lists that were valid from the first of January, and they include version 2.1," Fransson explains.

Last month, Fransson flew to California. After a couple of days of consulting with Barracuda's lawyers, he gave his deposition to the ITC. Fransson declined to give details of his testimony or to send a transcript of what he said, since his evidence is part of an ongoing case. However, he did outline his deposition in general terms, explaining that he stated that TFS Gateway "had a hook in it that could do virus scanning on attachments that came in through messaging," and that TenFour's competitors, such as MIMEsweeper, had similar functionality in their products. He also showed details of scanning functionality in the source code and the pages in the manual that explained how customers could set up virus scanning.

In addition, Fransson testified that, based on the registration dates entered in TenFour's support database, 380 American companies were using TFS Gateway before 26 September, 1995, the date on which Trend Micro applied for its patent.

Next steps

Fransson's deposition may be enough in itself to torpedo Trend Micro's case and patent. However, he suggests that the next move is to find the remnants of TenFour's American customers.

"I could give general information about how the product was used," he says, "But the details I can't recall. I can't say that this customer used it in this way in 1995. I remember some of the customers I was talking to, but I can't place those phone calls to a specific date or anything like that."

The problem, as he says, is that many of those companies no longer exist, and that many of his contacts have probably moved on in the past 13 years. Still, he remains optimistic. "Anybody who bought the product from the first of January 1995 to September 26th, 1995, and started using the product then -- those are the ones we're interested in getting a hold of."

In tracking down this information, Fransson warns, "One thing that people might not think of today is that, when we started our gateway business in '93, we got some strong recommendations from people in the industry not to call it a gateway. Because gateways had a bad reputation at the time. They were just something you had to add to an existing infrastructure, and they typically just created problems for you. People were trying to hide the gateway concept."

Evaluating the testimony

Since giving his testimony, Fransson remains a strong partisan in the case. His legal representative keeps him informed of the proceedings, and he continues to track down additional evidence for Barracuda. "Research is definitely taking away the question marks about what was happening in '95," he says.

On a general level, Fransson says, "It's ridiculous to say that Trend Micro were the first ones [with virus scanning]." If Trend Micro has a case at all, it lies in the details of the patent application. While Fransson has not studied the application in detail, he describes its explanation of the technology involved as "very strange," and giving no clear explanation of whether the gateway being referred to is hardware, software, or some combination of the two. His implication, in other words, is that Trend Micro's patent might survive, but in a much more limited form as a result of his testimony.

Asked to comment on Fransson's evidence, Trend Micro representative Michael Sweeny would only say, "This is a legal matter pending before the US International Trade Commission -- we do not wish to respond to speculation or industry reports."

However, Dean Drako, Barracuda's CEO, regards Fransson's evidence as significant. "We greatly appreciate the time that Goran Fransson took in coming forward to share this very important piece of prior art," Drako says. "We believe that his testimony is instrumental in our case against what we believe is an unjust patent claim by Trend Micro against Barracuda Networks and the open source ClamAV project. In our view, Goran is an open source hero."


  • News
  • Security
  • Legal
  • Community
Click Here!