F-prot update
Richard Lynch
rich at MAIL.WVNET.EDU
Sat Mar 6 15:25:09 GMT 2004
Dan Hollis wrote:
>On Sat, 6 Mar 2004, Julian Field wrote:
>
>
>>The problem is that the virus writers can produced a hundred different
>>strings every day. You have to start using an engine like SpamAssassin to
>>try to find them, wherever you can have hundreds of rules and give each
>>word a probability of being the password. Big problem.
>>
>>
>
>You can't get them all, so why bother getting any?
>
>An awfully fatalistic approach to filtering abuse. If everyone took this
>attitude toward filtering, there wouldnt be any spamassassin or mcafee or
>kapersky or clamav.
>
>Rather than being preoccupied with what hypothetical "might happen" tomorrow
>and giving up immediately before even starting -- why not focus on what we
>_can_ catch, right now, today, this very instant, that would generate
>positive results stemming the _current_ avalanche of abuse?
>
>Or am I the only one who sees benefits in effort to mitigate _current_
>abuse?
>
>-Dan
>
>
It comes down to anticipated returns on investment. You think it's
worth it, others (including myself) do not. We've put a permanent ban
on password protected zip files here because their integrity cannot be
assured -- that's not going to change. There are better ways of
transmitting sensitive data. Playing games with sifting for passwords
is a losing proposition and not worth the time or effort. Admittedly,
it's a judgment call and one that you'll not likely find 100% agreement
on but I, for one, agree with it. The argument -- why bother doing any
virus scanning or spam filtering at all -- is unreasonable and over the
top. The issue remains, is what you're specifically suggesting worth
doing? My personal conclusion is no.
--
Richard E. Lynch <rich at mail.wvnet.edu>
Systems Programming Manager
West Virginia Network (WVNET)
837 Chestnut Ridge Road
Morgantown, WV 26505
(304) 293-5192 x243
More information about the MailScanner
mailing list