On Jan 6, 2006, at 11:46 AM, Chuck Swiger wrote:
Dennis Peterson wrote:
Randal, Phil said:
[ ... ]
I have. It's very useful when a new virus variant arrives and is
detected by only one of our three virus scanners (or is blocked by
filetype alone). If it is quarantined I can pull out the
quarantined
copy and submit it to virusscan.jotti.org, www.virustotal.com,
and the
Antivirus vendors.
I guess I don't understand the need to submit a detected and
quarantined
virus to anti-virus vendors.
In other words, you quarantine anything which contains an
attachment which ends in .exe, .com, .pif, and so forth. I require
my users to zip or tarball attachments before they send them.
Doing so will catch many new viruses before the AV people have
pushed out updated definitions.
sure, because .zip files never contain viruses. Not sure what a
better solution is. Frankly, most of my clients are seeing spyware
as a worse threat than day zero viruses. IE just seems to seek them
out :)
More specificly, I've found viral messages in the quarantine which
were not recognized by ClamAV when the email went by, although a
day or two later they generally will be.
--
-Chuck
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html