[Esa-l]Re: Sircam virus filter
Juan Manuel Calvo
jmc at cema.edu.ar
Thu Aug 2 05:19:06 PDT 2001
> On Wed, 1 Aug 2001, Juan Manuel Calvo wrote:
>
> > I have found a very simple solution to the Sircam problem. Your
> > procmail sanitizer allows defang the attachment but the users
> > receives the email.
>
> Not if you poison *.bat *.pif *.lnk and *.com - is there really any
> reason to be accepting these sort of attachments from random people
> out on the Internet?
I'm poisonig all executable extensions but Sircam fills the user
mailboxes,
some of my users get over a hundred infected messages overnight,
mailbox strikes the quota and loose or delay more important messages.
>
> > I have added the following lines in my /etc/procmailrc BEFORE
> > the sanitizer:
> >
>
> That's a signature-based defense. What if SirCam mutates a little?
Your sanitizer will poison the attachment, my users will have to clean
your mailboxes and loose some messages, and I'll have to change de
signature,
not a real danger.
--
Ing. Juan Manuel Calvo |TE: +54-11-4314-2269
Director del Centro de Computos |FAX:+54-11-4314-1654
Universidad Del CEMA |
Cordoba 374 (1054) Capital Federal, Argentina| http://www.cema.edu.ar
More information about the esd-l
mailing list