Grreting card scams

Glenn Steen glenn.steen at gmail.com
Fri Jul 27 13:22:43 IST 2007


On 27/07/07, Alex Broens <ms-list at alexb.ch> wrote:
> On 7/27/2007 2:00 PM, UxBoD wrote:
> > The plugin looks good, but would also mean the message is scanned twice.  Also would require the new code Jules has written for setting the message as Virus when the SA ruleset is hit.
> >
> > Double edged sword really as both incur a time/processing overhead IMHO.
>
> Hoping not to start a philosophy war:
>
> you *could* set MS to *only* use your *Highly respected Commercial AV*
> and the plugin to use the Clam plugin.
>
> *Highly respected Commercial AV* will kill the msg after Clam plugin
> tagged as infected.
> (did I get my MS flow right?)
>
> so what's left over in Quarantine is phishes and possibly new viri
> tagged with Clam's generic sigs, tagged as spam, (which comes in handy
> to report to *Highly respected Commercial AV*'s dev team :-)
>
>
> lots of ways to do stuff...
>
> Alex
>
Yes, you got it right:-).
And with the new features, depending on exactly where in the process
they're applied, the *HRCAV*s might not even see them.
Upside on this approach is that there would eb a way to get the sigs
to work without having to alter MailScanner core (source/concepts)
behavior ... sort of. Jules will be happy:-).

If I find time away from my DBs today, and that very much overdue
update to thenetwork topology chart the PHB has been moaning about, I
might try this on today.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list