Block SOBER at MTA (postfix)

[Drew Marshall]

On 4 Dec 2005, at 15:49, Julian Field wrote:

>>> Going forward (if the interest exists) i think we ought to  
>>> maintain  this for all supported MTAs and all (possible) new  
>>> virus outbreaks.
>>
>>
>> Agreed. Perhaps we can lift some of the regex's from the Clam  
>> virus  definitions? I have no idea how possible this is/ maybe...
>
> This sounds remarkably like you are trying to make a virus scanner  
> of your own. You better be sure this is really the sort of thing  
> you want to take on as a project. You'll have users wanting  
> signatures very quickly and stuff like that, before you know where  
> you are.
> Personally I would steer well clear of it, and try out various ways  
> of deploying ClamAV at MTA level if that's what you want to achieve.
> Just my 2p worth...

Re-reading my post it does sound like that doesn't it...

Certainly this is not what I am trying to achieve, however for major  
outbreaks using header/ body checks maybe useful (My ISP uses a  
similar technique on their incoming MTA's). This sort of thing can  
never be a substitute for a real AV product. After all, why re-invent  
the wheel, Clam does rather a good job and if you want MTA scanning  
use clamd direct from your MTA. Most have some form of plugin  
capability.

Drew

-- 
In line with our policy, this message has 
been scanned for viruses and dangerous 
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!