On Mon, September 11, 2006 18:15, John D. Hardin wrote: > Probably not, as you'd have to visit the link to get something for the > virus checker to check. On the server side, it'd have to follow the > like to download the executable to scan, and I *really* doubt anyone > would want their mail gateway to be doing *that*.
why not ? clamav pics it up as Virus scanner output: p006: Trojan.Dropper.Delf FOUND p004: Trojan.IRCBot-96 FOUND p002: Trojan.IRCBot-arc FOUND > This is more a security policy issue - "I don't want to accept email > with links directly to executable content". Hence an SA rule. SA is not a virus scanner, but there could be a rule for dobbel extensions -- "This message was sent using 100% recycled spam mails."
