Bugtraq mailing list archives
Re: RFC: virus handling
From: Casper Dik <casper () holland sun com>
Date: Tue, 03 Feb 2004 23:57:06 +0100
-----Original Message----- From: Daniele Orlandi [mailto:daniele () orlandi com]I use amavisd-new which has support for listing viruses/worms that fake the sender's email address. Unfortunatelly the list is external to the actual virus scanner and has to be updated manually.Given that the majority of new viruses forge the sender's email address, I think the reverse would make more sense -- have a list of viruses that *don't* forge, and only send notifications for those.
Considering that virus scanners still operate using signatures, it seems logical to include a flag for each specific virus so that when it is recognized the virus software knows that they shouldn't bother me. (A, and yes, it is a lot of fun that those virus scanner vendors sell *localized* versions of their software so I've now had them tell me in more languages and character sets than I care to remember how bloody incompetent they are.) Casper
Current thread:
- Re: RFC: virus handling, (continued)
- Re: RFC: virus handling Shawn McMahon (Feb 07)
- Re: RFC: virus handling Craig Morrison (Feb 02)
- Re: RFC: virus handling James C. Slora Jr. (Feb 03)
- Re: RFC: virus handling John Fitzgibbon (Feb 02)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Volker Kuhlmann (Feb 04)
- Re: RFC: virus handling Dave Clendenan (Feb 03)
- Re: RFC: virus handling Daniele Orlandi (Feb 02)
- Re: RFC: virus handling Pavel Kankovsky (Feb 02)
- Re: RFC: virus handling Dave Aronson (Feb 02)
- RE: RFC: virus handling David Brodbeck (Feb 03)
- Re: RFC: virus handling Casper Dik (Feb 04)