ClamAV missing Sobig

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Mon Sep 1 20:12:34 IST 2003


On Monday 01 September 2003 7:18 pm, Gerry Doris wrote:

> OK, I got another batch of these Sobig virii that ClamAV is missing and
> have sent one to your personal address as you requested (I can forward
> all my virii to you if you wish <grin>).

Actually, that's not such a ridiculous idea as it may initially appear...

One of the things (only one, mind) which I love about MailScanner is the
ability to run multiple antivirus engines and get every mail scanned by all
of them.

On one particular system I currently have 8 A-V engines running, and I have
this idea that it would be very useful to set up a mail server such as this
running lots of A-V engines, scanning every email it receives, and delivering
nothing but sender notifications to identify what each A-V system said about
the attachments.

It would be cheap (it would only be a single machine, with a single mailbox,
so the lowest level of licence as far as the A-V vendors are concerned), and
the only bit I haven't worked out yet technically is how to stop it being
used a bit like an open relay, as it could be abused by somebody sending
loads of Sobigs into it, with lots of innocent email addresses getting the
resultant notifications (I couldn't use the 'Silent Viruses' list, because
that would defeat its entire purpose if someone genuinely sent it a Sobig
sample).

Ho Hum.

Antony.

--

The difference between theory and practice is that
in theory there is no difference, whereas in practice there is.


