Sobig.E Getting Through Intermittently

Ulysees Ulysees at ULYSEES.COM
Fri Jun 27 17:47:41 IST 2003


> Hi all!
>
> > I think that Ron has a valid point. It makes more sense to solve the problem at the root
> > which is the MailScanner engine, since it has proven to be much better than a signature
> > update from the AV company. That takes 48-72 hours at the earliest.
> >
> > This level of checking will increase the security that much higher.
> >
> > Just thought I'd add my two bits to Ron's e-mail and add it as a feature request in
> > mailscanner.
>
> I would vote for this feature too. Maybe this could be done as a "dummy" virus
> scanner which just tags mail containing disallowed suffixes (and digs into the
> archive files)?
>

I think this feature would be useful, but I think I've already spotted a
few gotchas.
This means mailscanner has to extract the archives instead of the virus
scanner; does this leave it open to all the vulnerabilities with archives
that we normally trust the virus scanner to avoid?
I think it would also need to reference a second list of allowed file types;
what if you want to let your users receive a potentially malicious filetype,
e.g. a .reg file, but only when sent in an archive?

Just my 2c

Uly
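
The two gotchas raised in this message, sketched as an added example that is not part of the original post and is not MailScanner code: member names are read from the ZIP central directory without decompressing anything, and archived files are judged against a second suffix list. The suffix lists, limits and function names are hypothetical, and only ZIP is handled.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Hypothetical policy (not MailScanner settings): one list per context.
DENY_TOP_LEVEL = {".exe", ".pif", ".scr", ".reg"}  # direct attachments
DENY_IN_ARCHIVE = {".exe", ".pif", ".scr"}         # .reg tolerated when archived
MAX_MEMBERS = 1000
MAX_TOTAL = 50 * 1024 * 1024  # declared uncompressed bytes per archive
MAX_RATIO = 100               # declared uncompressed : compressed per member


def check_attachment(name, data):
    """Return policy findings for one attachment; an empty list means allowed."""
    suffix = PurePosixPath(name.lower()).suffix
    if suffix != ".zip":
        return [f"{name}: denied suffix"] if suffix in DENY_TOP_LEVEL else []
    try:
        # infolist() reads the central directory only; no member is decompressed.
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return [f"{name}: unreadable archive"]
    if len(members) > MAX_MEMBERS:
        return [f"{name}: too many members"]
    findings = []
    for m in members:
        inner = PurePosixPath(m.filename.lower()).suffix
        if inner in DENY_IN_ARCHIVE:
            findings.append(f"{name}/{m.filename}: denied suffix in archive")
        elif inner == ".zip":
            findings.append(f"{name}/{m.filename}: nested archive not inspected")
        if m.file_size > MAX_RATIO * max(m.compress_size, 1):
            findings.append(f"{name}/{m.filename}: suspicious compression ratio")
    if sum(m.file_size for m in members) > MAX_TOTAL:
        findings.append(f"{name}: declared size over limit")
    return findings


def make_zip(files):
    """Build a constructed sample archive in memory from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in files.items():
            zf.writestr(fname, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_zip({"settings.reg": b"REGEDIT4\n", "doc.pif": b"x"})
    print(check_attachment("settings.reg", b"REGEDIT4\n"))
    print(check_attachment("files.zip", sample))
```

The sizes checked here are the ones the archive declares about itself, so they are only a cheap pre-filter; anything that later decompresses the members still has to enforce its own limits while reading.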


