Mydoom Virus getting Through - High Spam
maillists at CONACTIVE.COM
Thu Feb 12 21:31:30 GMT 2004
Julian Field wrote on Thu, 12 Feb 2004 18:19:33 +0000:
> You can't trust anything that is in any header.
I see what you mean. But I guess there is some way to handle this. But
even without a second scanning I think it's worthwhile to consider adding
such an option.
What I was thinking is: why handle the extra load if I already know that a
message contains a virus or a filetype I want to block? At the moment all
viruses are scanned for spam as well which looks like a waste of time for
I suppose just determining the file type would be the fastest check, then
maybe virus scanning and then spam scanning. If we get an .exe file we
don't care to know which virus it is or if the tweaked SA rules would have
caught it as well. Just stopping and quarantining is enough. Doing
something like this could lower the load considerably I think.
I'm not sure what "Blocked File" does, does the quarantining of viruses
apply to it as well? Is there a particular order MailScanner carries out
At least at the moment I think it would be a good idea if I could tell it
to scan in this order:
- filetype/extension detection
- virus detection
- spam detection
and if any of them is true quarantine (or whatever action I have set) it
and stop scanning.
Maybe, if I could do this it would turn out as not too effective and I
would stop using it soon. I don't know.
But I can't try it out or can I?
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org
More information about the MailScanner