dstiles - 8:19 pm on Sep 18, 2011 (gmt 0)
I completely missed that IP range as being Trend. According to the checks I made locally all of 150.11 - 150.100 is APNIC. But then, I was querying via ARIN, which is rubbish nowadays. :(
Checking on the number of "offensive" hits from this IP range I found about 20 recent IPs, all blocked for bad UA etc, several of them several times.
MSIE 6.0 is deprecated by MS so any serious use of it should, I think, be blocked. I log a security warning if it's used and kill any IP using it that looks iffy.
Checking for viruses after the event seems to be quite common. To be effective, viruses should be checked for on the "user's" computer at download time, not a few minutes or even hours later. Intercepting a "communication" is in any case illegal but probably supportable IF virus implantation can be prevented thereby. Talktalk is another offender in this and their checker is also blocked here (it's thought by some to be a precursor of a future advert pusher).
In general I block TrendMicro, although I do have one range listed as a static business one.