We host e-mail for schools, business's, etc. It's not feasible to enforce blocking .exe's and keep customers. Simple economics. Support costs are an issue and it's a small trade off in this incident to go blocking the gif route.
Dee On Sat, 2003-09-20 at 09:16, Thomas Lamy wrote: > Antony Stone wrote: > > On Saturday 20 September 2003 4:54 pm, Daniel J McDonald wrote: > > > > > >>On Sat, 2003-09-20 at 10:40, Antony Stone wrote: > > > > > >>>A gif is not a virus, so it should not be detected by an anti-virus > >>>program. > >>> > >>>Anyway, what's the point? Why bother blocking a 'damaged' copy of a > >>>virus, where 'damaged' actually means 'missing'? > >> > >>Do you want to receive 200 of these mails, like I did last night? > >> > >>Do you want your clueless users calling you all day asking why they > >>can't find the patch that Microsoft e-mailed them? > > > > > > Are you suggesting that you allow emails with a .exe attachment to be > > delivered? > > > > I regard that as a sufficient reason to block an email, whether the .exe is a > > virus or not. > > > > The zero-length attachments on Gibe.F emails I've seen so far have all had > > .exe extensions, so they get blocked by my server (although for a different > > reason) just the same as the real ones. > > > This might work for you, but I for one have to manage an ISP's mail > server and an AV mail exchanger, where users _want_ to get non-virus > .exe attachments (either if they have noe clue, or aren't willing to > educate .exe senders. After all, they're paying for hassle-free internet > and mail access). > There are other/greater ISPs and portals (IIRC freenet.de, > sourceforge.net), which also can't completely block .exe's. Maybe Marian > Eichholz [freenet.de] can sched some light on their policies. > > > I still maintain that a gif is not a virus, and therefore shouldn't be > > recognised by an antivirus program, however the beauty of Open Source is that > > you can change it if you want to, so feel free to create your own signature > > for the gifs if you want, and put them in the ClamAv directory. > > > > I don't think such signatures will make it into the general distribution, > > though. > It's nearly the same discussion as with damaged sobig.f's with damaged > attachments. Technical, these mails weren't virii, but crap. Crap which > may make (not completely) uneducated users (like bosses) say: "Huh, this > is a virus. I thought we have an email virus scanner? Sysadmin, what > crappy av software are you using?" > I thought we came down to that this behaviour, although technically > correct, may give clamav a bad attitude (which clamav does not deserve). > > For this reason, I'm +1 for creating a signature which matches the gif. > At least temporary. > > > Thomas -- W.D.McKinney (Dee) | Affordable E-Mail and Internet Solutions Alaska Wireless Systems | for Schools, Libraries, Clinics & Business' http://www.akwireless.net | Call 1-907-349-4308 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
