On Fri, 22 Aug 2003 at 20:41:13 +0200, Tomasz Kojm wrote:
> On Fri, 22 Aug 2003 08:27:17 +0100
> Nigel Horne <[EMAIL PROTECTED]> wrote:
> > On Thursday 21 Aug 2003 6:13 am, David Jansen wrote:
> > > Any chance such a
> > > feature will be included in clamav-milter at some point? (i.e.
> > > answering most virusses but not the once like sobig who use a fake
> > > sender address)
> >
> > That would need a change in the protcol for communication that clients
> > use to speak to the clamd server. Tomasz, what do you think?
>
> That should be implemented in clamav-milter, I can create a list of worm
> names(in clamav) that fake a sender address.
E.g., amavisd-new uses the following list of regular expressions (note
that they are given case insensitively!) as viruses_that_fake_sender_re:
nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar
(Additionally, I added dropper.c at my system).
Most names seem the same in Clamav, with one exceptions
(braid/brid.worm).
Name used by Amavisd-new | Probable Clamav equivalent
-----------------------------------------------------------
nimda | nimda
hybris | hybris
klez | klez
bugbear | bugbear
yaha | yaha
braid | brid.worm (?)
sobig | sobig
fizzer | fizzer
palyh | palyh
peido | peido
holar | holar
| dropper.c
|
I don't know if this list is complete.
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
[EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
