[EMAIL PROTECTED] wrote on 03/03/2004 06:04:22 PM: > I've discovered that greylisting with certain parameters completely > prevents the latest crop of nasty zip viruses. > > I have a number of samples that all sent themselves in bursts of 3 within > a few seconds. Our greylisting parameters include sender address, recipient > address and first 3 octets of sending relay. Crucially, we also specify > a minimum "quiet time" of two minutes between retries. > > This has completely stopped the zip viruses on our box. > > Tomorrow, I will release MIMEDefang 2.40-BETA-3 which will have > routines to look inside zip files. >
No wonder I wasn't seeing it being detected by the antivirus on my CanIT Pro boxes! I use a the sender/recipient/IP triplet setting with a 4 minute delay. BTW, what other commercial spam filters use greylisting now? Any? _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
