Hi

I've just seen the attached mail on the qmail mailing list.

Neither Kaspersky nor ClamAV (the two AV systems I'm currently using) seem to use this @MM naming scheme nor something similar... nevertheless this info could be useful for the "only silencing certain worms/silence all of them" discussion.

--
Vicente Aguilar <[EMAIL PROTECTED]>
Departamento de Sistemas
Tlf.: 965 98 71 92
Recursos en la Red, S.L.U.
http://www.renr.es
--- Begin Message ---
On Wed, Feb 04, 2004 at 04:14:09PM +0100, Christophe Saout wrote:
> The problem with this solution is that the admin has to extend the list as
> soon as new worms appear. Having this with the virus definitions of the
> virus scanners would be good.

Some AV companies code mailing capabilities in the names of the viruses. For example, in "W32/[EMAIL PROTECTED]" the "MM" means that it has its own mailing capabilities and is probably faking sender addresses. So if your AV vendor is naming viruses like that, just don't send notifiers out for names ending in @M or @MM.

However, our vendor (Sophos) does not use this nomenclature, and some others don't either.

\Maex

--
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen          | Fax: +49 (89) 32356-299

"The security, stability and reliability of a computer system is reciprocally proportional to the amount of vacuity between the ears of the admin"
--- End Message ---
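
The policy discussed in this thread, as an added example that is not part of the original messages: suppress sender notifications when the detection name ends in @M or @MM, and fall back to an admin-maintained list for vendors that do not use that suffix. The function names, the silence list and all detection names below are constructed for illustration.

```python
import re

# Suffix convention described in the message: "@M" / "@MM" at the end of the
# detection name marks a mailer / mass-mailer, which probably forges senders.
MAILER_SUFFIX = re.compile(r"@(MM?)$", re.IGNORECASE)

# Hypothetical admin-maintained fallback for vendors that do not use the
# suffix convention (constructed names, not real detections).
SILENCED_NAMES = {"w32/sampleworm-a"}


def classify(virus_name, silenced=SILENCED_NAMES):
    """Return (notify_sender, reason) for one detection name."""
    name = virus_name.strip()
    m = MAILER_SUFFIX.search(name)
    if m:
        kind = "mass-mailer" if m.group(1).upper() == "MM" else "mailer"
        return False, f"{kind} suffix @{m.group(1).upper()}"
    if name.lower() in silenced:
        return False, "on admin silence list"
    return True, "no mailer marker"


def plan_notifications(detections):
    """Pick the envelope senders worth notifying from (sender, name) pairs."""
    notify = []
    for sender, virus_name in detections:
        ok, _reason = classify(virus_name)
        if ok and sender:  # the empty (null) sender is never notified
            notify.append(sender)
    return notify


if __name__ == "__main__":
    sample = [  # constructed detections
        ("alice@example.org", "W32/Sample@MM"),
        ("bob@example.org", "W32/Sample.b@M"),
        ("carol@example.org", "W32/SampleWorm-A"),
        ("dave@example.org", "Sample/Macro.Doc"),
        ("", "Sample/Macro.Doc"),
    ]
    for sender, name in sample:
        print(f"{name:20} -> {classify(name)}")
    print(plan_notifications(sample))
```

The suffix rule needs no maintenance when new worms appear, while the silence list is the part an admin would still have to extend by hand for scanners that do not encode mailing capability in the name.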
