On Thursday 16 September 2004 12:56 pm, Nigel Horne wrote: > On Thursday 16 Sep 2004 16:51, Vladimir Potapov wrote: > > Every day I have received about 30 email's with pictures which have > > strange names( for example sevwqwso.gif, iwhfetsn.gif, qfwecqtf.jpg) and > > nonexistent's senders ([EMAIL PROTECTED], [EMAIL PROTECTED]). Clamav > > don't find any viruses in this email's . > > Can Clamav find viruses in pictures? > > It is possible that these pictures are linked to URLs so that if you click > on them from you are taken to a site which downloads a virus. ClamAV has > experimental code to handle this called "FOLLOWURLS". > Being experimental it is only in the test version available from snapshot > and CVS, and is not compiled in or enabled by default. To enable it you > need to defined FOLLOWURLS in mbox.c (about line 447) and either run > clamscan with --mail-follow-urls or if you're using clamd you will need to > enable MailFollowURLs.
one problem I see with something like this is that almost all spams nowadays
have urls in them for 'opens' and 'clickthroughs' and this may inadvertently
confirm someone's email address. I understand that it's experimental and
such, but it just sounds like a horrible idea if you ask me.
If you're not sure what I'm referring to, I'll gladly forward you some spam
that has such 'features' in it.
On a side note, a buddy of mine once showed me a company that "guaranteed"
that when a user opened an email from them, it was tracked, when in actuality
it was no new fangled technology, it was the same old 1x1 transparent gif
image cgi script bullshit :)
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc.
[EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc
pgp3w6qqNELUP.pgp
Description: PGP signature
