However, since this was 12 hours after the initial attack, it was a
reasonable response. My first server-based filter was a subject filter,
meant to stem the tide while I developed something a little better. Turns
out "something better" was easily implemented, but nowhere near as easy as
the 3 min or so it took to write the procmail subject filter. So, as a
stopgap measure, subject filters are fine. But long term (I guess anything
more than 24 hours) it is a poor substitute.
>On Fri, May 05, 2000 at 05:14:46PM -0600,
> Steve Wolfe <[EMAIL PROTECTED]> wrote:
>>
>> When I sent my analysis of the "iloveyou" virus to BugTraq, I was
>> deluged with email - all of them bounces. Because my message started
with
>> "ilove you", many, many mail servers had blocked it. That was within
>> something like 12 hours of the release. Think of the immense amount of
>> headaches the system administrators for those companies saved themselves.
>> The ounce of prevention was worth a metric ton of cure.
>
>That is supposed to be an example of good effects of virus scanning?
>
>Subject based scanning is bad. You get a lot of false positives and well
>written viruses will choose from a large set of common subjects to make
>subject blocking costly.
