MCP not working
UxBoD
uxbod at splatnix.net
Thu Aug 9 17:51:19 IST 2007
Latest versions of MS have option to scan whole message when using ClamAV, and not just attachments. Downside is a double scan, so slight performance degregation.
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
----- Original Message -----
From: "Daniel Eiland" <daniel at bokko.nl>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Thursday, August 9, 2007 5:06:58 PM (GMT) Europe/London
Subject: RE: MCP not working
Thanx for the link, i did not know about it.
The thing is that this mail does not have an attachment. Mailscanner (i
think) only scans attachments with clamav, and not the message body.
-----Oorspronkelijk bericht-----
Van: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] Namens Scott Silva
Verzonden: donderdag 9 augustus 2007 17:47
Aan: mailscanner at lists.mailscanner.info
Onderwerp: Re: MCP not working
Daniel Eiland spake the following on 8/9/2007 5:07 AM:
> On Thu, 09 Aug 2007 14:05:04 +0200, Kai Schaetzl <maillists at conactive.com>
wrote:
>> Daniel Eiland wrote on Thu, 9 Aug 2007 12:30:02 +0200:
>>
>>> describe MCP_W32_ZHELATIN_GEN
>> 1. your rules all have the same name, only the first (I think) will get
>> used. You could condense them, anyway, to something like /received
a.*card
>> from a/".
>
> Good idea! Thanx.
>
>> 2. why would you use MCP for this? You are trying to catch a bit more
spam
>> than you normally could with the rules you currently have. So, what you
do
>> is add extra rules to the ones coming with the distribution. Either from
>> sites like www.rulesemporium.com or by dropping your own rules in
>> /etc/mail/spammassassin. Not MCP!
>
> Well, the thing is that these emails are in fact virusses.
> http://vil.nai.com/vil/Content/v_142621.htm
> But since there's no attachment, it is not scanned by clamav or
bitdefender.
> They are also not picked up by spamassassin rules. I also use
rules_du_jour for fetching all kind of rules.
> Getting this particular email in an outlook client makes (some version of)
outlook crash.
> Clicking the link in this email leads you to a website that will try to
use known exploits on your browser.
>
Have you tried the sanesecurity addons for clam?
http://www.sanesecurity.co.uk/clamav/
I think this will catch these AND mark them as viruses.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list