Incorrect "virus" detection?

[Rose, Bobby]

I agree.  Since the W32/Goner days we block executibles because it took
the AV guys until the end of the business day to release definitions.

You can change the message in filename.confs so it tells them to rename
it.  That's what I did.  Anything caught by this rule also tells them
that they should rename it so that it only has one period.  

If you don't want the rule then just remove it.  

-----Original Message-----
From: Nick Phillips [mailto:nwp at LEMON-COMPUTING.COM] 
Sent: Tuesday, July 09, 2002 1:49 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Incorrect "virus" detection?


On Mon, Jul 08, 2002 at 11:16:39PM -0400, John Goggan wrote:

> I mean, I just had a person miss a file attachment that was not 
> infected simply because it ended in .july.doc.  :)
>
> > It's best to leave this option the way it is and try to avoid 
> > multiple extension file names...they're too dangerous in Windows.

Just how quick do you think it is possible for an AV vendor to be in
response to the arrival of a new virus?

How likely do you think it is that someone will send them a copy before
you get a copy, every time?

How badly do you want to avoid getting caught out when you (or your
network) are sent the latest greatest BIOS-flashing disk-wiping virus?

How inconvenient is it to educate people that using dots in filenames is
not a terribly great idea?


Your call.

--
Nick Phillips -- nwp at lemon-computing.com
Your lucky number has been disconnected.