Palyh-A virus

Remco Barendse mailscanner at BARENDSE.TO
Mon May 19 18:27:28 IST 2003


Are there any viruses left for which the notification is actually useful?

All the new viruses use bogus from: addresses, and the old ones hardly
come around anyways (only from some ppl that are using stone age software
and ditto virus scanners).

Aren't we better off with a solution that kills off all these messages if
they originate from a foreign domain/address?

Maybe we should create sort of a sender's domain list of domain names
and/or mail server ip addresses for our own local mail servers. If there
are any virus messages from those domains / ip's then the local
postmaster should be notified, or otherwise drop the notification?

This way we will know if we have an infection on our hands, any from
addresses from the net are mostly fake anyways.

Just my 2 cents :)


On Mon, 19 May 2003, Julian Field wrote:

> At 16:42 19/05/2003, you wrote:
> > > At 14:24 19/05/2003, you wrote:
> > > >On Mon, 19 May 2003 06:41:54 -0600, you wrote:
> > > >
> > > > >Thanks to MailScanner, three .pif attachments that included
> > > > >Palyh-A were stopped before Sophos had an updated definition!
> > > >
> > > >It is called W32/Sobig.B@mm by f-prot.
> > >
> > > The upgrade_MailScanner_conf script will copy over your old setting
> > > for the "Silent Viruses" parameter, so you will need to add this one
> > > yourselves.
> > >
> > > In new installations, both "Palyh" and "Sobig" are included in the list.
> >
> >If it's not already done, can you add "Fizzer" to the list too?  Thanks.
>
> Done.
> I'm going to have to do something about this list soon, it was better off
> in a file like it was in version 3. For V4 I wanted to get rid of all those
> "special" files if I could.
>
> How about a filename or a list of virus names. Then it just reads the list
> of virus names out of the file. Then you could still use a ruleset which
> produced a filename which in turn contained the virus names.
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
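
The local-origin check proposed in this message, sketched as an added example (not part of the original post and not MailScanner code). It assumes the decision is keyed on the connecting relay's IP address, because the sender address can be forged; the networks, domain and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: our own mail servers/networks and mail domains.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
LOCAL_DOMAINS = {"example.org"}


def is_local_relay(relay_ip):
    """True when the connecting relay address lies inside one of our networks."""
    try:
        addr = ipaddress.ip_address(relay_ip)
    except ValueError:
        return False  # an unparseable address is never treated as local
    return any(addr.version == net.version and addr in net for net in LOCAL_NETWORKS)


def sender_domain(envelope_from):
    """Lower-cased domain of the envelope sender; '' for a null or malformed sender."""
    local, sep, domain = envelope_from.strip().strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""


def notification_action(relay_ip, envelope_from):
    """Decide what to do with the warning for one infected message.

    Returns (action, reason); action is 'notify-postmaster' or 'drop'.
    """
    claims_local = sender_domain(envelope_from) in LOCAL_DOMAINS
    if is_local_relay(relay_ip):
        # Came from our own infrastructure: a machine of ours may be infected.
        return "notify-postmaster", "local relay"
    if claims_local:
        # Our domain in the sender but a foreign relay: the address is forged.
        return "drop", "forged local sender"
    return "drop", "foreign origin"


if __name__ == "__main__":
    # Constructed sample messages: (relay IP, envelope sender).
    for relay, sender in [
        ("192.0.2.25", "alice@example.org"),
        ("203.0.113.7", "bob@example.org"),
        ("198.51.100.9", "support@example.net"),
    ]:
        print(relay, sender, notification_action(relay, sender))
```
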


