Grreting card scams
UxBoD
uxbod at splatnix.net
Fri Jul 27 12:48:19 IST 2007
You could say that Glenn, but who knows how each AV company would implement the changes for this type of virii detection. If the company changes the results message in any way ie. FOUND becomes DETECTED then that AVs parser would need to change.
Regards,
--[ UxBoD ]--
// PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B
// Keyserver: www.keyserver.net Key-ID: 0x5DB5687B
// Phone: +44 845 869 2749 SIP Phone: uxbod at sip.splatnix.net
----- Original Message -----
From: "Glenn Steen" <glenn.steen at gmail.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, July 27, 2007 12:26:43 PM (GMT) Europe/London
Subject: Re: Grreting card scams
On 27/07/07, UxBoD <uxbod at splatnix.net> wrote:
> Okay, had a look at the code and it should be fairly easy to sort out. What I was thinking was something along the lines of the WriteHeaderFile subroutine in Message.pm that would create a new file without any attachments called <MESSAGEID>.message, and this would then get scanned by the batch process. This would then trigger the signature. Okay it would take long to process each message as instead of <MESSAGEID>.head + N attachements, it would have an extra one to do. Just need to find out the bit of code which strips the attachements off.
>
> Regards,
>
Yes... But this is "clam-centric", wouldn't we need handle things for
all AVs too? To avoid silly "double detections"?
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list