On Tue, 2004-09-28 at 21:35, Steffen Heil wrote:
Hi
I have a serious issue with the current way virus samples are submitted.
Right now, many viruses, such as the currently-spreading jpeg virus (see
http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS
version. But we
Hi
There are a significant amount of other methods that will generally detect
an infected email. Approximately 3.8% of infected emails ever reach the
stage where the virus scanners I use get called into action, and Clam hasn't
missed one of those yet. Check for other email exploits before
Hi
The main types of checks that should be done are regarding the composition
of the emails. For example, the ones you mention above, clsid and boundary
checks, will stop a proportional amount of virus mails from getting any
further.
Okay... already doing so.
Then there are others, like
Hi
I have a serious issue with the current way virus samples are submitted.
Right now, many viruses, such as the currently-spreading jpeg virus (see
http://www.easynews.com/virus.txt) are detected by 0.80rc# or by some CVS
version. But we can't be expected to run those on production servers.
