ClamAV missing Sobig

Tony Finch dot at DOTAT.AT
Tue Sep 2 11:29:55 IST 2003


Antony Stone <Antony at SOFT-SOLUTIONS.CO.UK> wrote:
>
>On one particular system I currently have 8 A-V engines running, and I have
>this idea that it would be very useful to set up a mail server such as this
>running lots of A-V engines, scanning every email it receives, and delivering
>nothing but sender notifications to identify what each A-V system said about
>the attachments.

You mean a computer specifically intended to piss off the innocent victims
of email forgery?

>the only bit I haven't worked out yet technically is how to stop it being
>used a bit like an open relay, as it could be abused by somebody sending
>loads of Sobigs into it, with lots of innocent email addresses getting the
>resultant notifications (I couldn't use the 'Silent Viruses' list, because
>that would defeat its entire purpose if someone genuinely sent it a Sobig
>sample).

There is *NO* *WAY* of telling the difference between forged and genuine
email, except for certain specific cases. The point of the silent viruses
list is that those viruses always forge email, so they should be simply
deleted.

Tony.
--
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
FITZROY: NORTHEASTERLY 4 OR 5 INCREASING 6 OR 7 IN SOUTHEAST. THUNDERY
SHOWERS. GOOD.


