Re: [Exim] Bugbear/B filtration

Author: Dan Egli
Date:
CC: Exim users list
Subject: Re: [Exim] Bugbear/B filtration
Simon Dick wrote:

| On Thu, 2003-06-05 at 12:38, Alan J. Flavell wrote:

|
|>On Thu, 5 Jun 2003, Asbjorn Hoiland Aarrestad wrote:
|>
|>
|>>Use exiscan and a virus scanner. This will stop more than just common
|>>viruses.
|>
|>Just to clarify this point: Having a virus scanner is certainly a
|>valuable backstop, but if that's the only precaution, then it more or
|>less guarantees infection, sooner or later, when a virus arrives
|>before its anti-virus update. It's best to have a policy of blocking
|>potentially-dangerous formats. And by all means a virus scanner too.
|>
|>Most recently, we (or rather, exiscan) blocked several instances of
|>what turned out to be Sobig-C, on the grounds of it being a
|>potentially dangerous attachment, in the relatively short time until
|>the update for it arrived from the anti-virus vendor. The two
|>different kinds of report are evident in the log:

I have to disagree here, at least if you're using a virus scanner like
McAfee. I use McAfee's free Linux command line scanner. The other day I
got a Sobig virus sent to me (three of them actually). I didn't know
that my virus datafile update script (update-nai.pl, grabs the
DAILYDAY.ZIP from McAfee's web site, a set of datafiles updated NIGHTLY)
had not run in a while (I screwed up a path and it was looking for
something it was not finding). But Sobig did not get through! McAfee
identified it as "an unknown virus or trojan". That struck me as odd,
and after investigations I found and fixed the dailydat problem, grabbed
a new dailydat, and rescanned the file (it was automatically
quarantined), and it identified the virus as Sobig/C.

I have always HATED sites that block EXEs and other files simply because
they COULD contain a virus. Yesterday I had a software vendor ask me to
send him some files that were making a program he wrote crash when it
loaded up. He asked for them in a ZIP file. So, I sent a self-extracting
ZIP, and it was promptly rejected.

I've had a virus scanner running with Exim (with AMaViS) for over a year
now, and am pleased to report a 100% virus stopping record.

--- Dan