Sobig getting tagged as spam not virus
Alan Fiebig
mailscanner at ELKNET.NET
Fri Aug 22 15:26:18 IST 2003
Julian,
Thanks for looking into this.
In the short term...
According to the virus experts, the subject line of Sobig.F is one of the following:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
What if I created a Spamassassin ruleset that checks for those subjects, and if a match is made, give it a big negative score? That would prevent Sobig from being rejected as a spam, and pass it on to the virus checking stage.
Is this a good short term solution, or am I missing something?
-Alan
>Unfortunately, as the spam checking is done first, you can't put a virus
>name in the ruleset deciding the spam actions :-(
>
>I need to take a look at this area and have a good think about it, which
>won't happen right now as I can't even keep up with my incoming mail, let
>alone stop and think about anything.
>
>Sounds like it would be a good idea to do the virus scanning first, then
>the spam scanning. This would mean that everything would be virus-scanned,
>even spam that was then deleted. But the cost of virus scanning extra files
>is a lot lower than the cost of spam scanning extra files, which wasn't the
>case when I first started writing MailScanner.
>
>I'll try to find time this weekend to work on it, once I have sat and
>thought about it for a couple of hours it might turn out to be trivial
>change, but I need to be *very* careful in this area.
>
More information about the MailScanner
mailing list