On Sat, Dec 08, 2001 at 11:16:14AM +0800, Migs Paraz wrote: > Unfortunately, virus signatures are considered proprietary IPR by antivirus > makers. > > What I'd like to see is a signature file for the most common stuff. > I bet the largest percent of mal-messages now belongs to say, 10 viruses/ > trojans whose signatures are common knowledge by now. > > Wanna do a little research?
I have been working with a virus scanner called "mailscanner": http://www.sng.ecs.soton.ac.uk/mailscanner/ It can use either sophos or mcafee scanners to check for virii. However, it also has a handy list of all Windows executable types, and won't let those through. That alone would stop all of the recent mail worms. If that's too inconvenient for users (which I find difficult to believe), then it could easily be modified to disallow any attachments with two extensions if the second is executable. Anyway, the point is that signatures aren't even necessary for most of the email worms that go around. Just stopping Windows executables from getting through is enough. Michael -- Michael Darrin Chaney [EMAIL PROTECTED] http://www.michaelchaney.com/ _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
