[Esd-l] URG: Updated novarg local rule for sanitizer
Michael Ghens
michael at spconnect.com
Tue Jan 27 09:32:15 PST 2004
Personally I believe in a multi-tiered approach instead of depending on
one item.
Right now, I have clamav at http://www.clamav.net scanning all e-mails
coming in. I am using the trashscan filter from the system procmailrc
which is located in the clamav contrib directory.
Then I have John's script next.
You cannot be to safe...
--
Michael Ghens
michael at spconnect.com
Jabber: michael at spconnect.com
ICQ: 29145688
On Tue, 27 Jan 2004, Scott Taylor wrote:
> Date: Tue, 27 Jan 2004 08:48:20 -0800
> From: Scott Taylor <scott at dctchambers.com>
> To: Email Security Discussion list <Esd-l at spconnect.com>
> Subject: Re: [Esd-l] URG: Updated novarg local rule for sanitizer
>
> At 06:08 AM 01/27/2004, John D. Hardin wrote:
> >All:
> >
> >Based on what made it through overnight I have updated the rule a bit.
> >See the attachment or grab the recommended rules file.
>
> Cheers.
>
> >Unfortunately it seems to be using some random filenames, so I will be
> >looking for signature strings in the base64 attachment body. Keying
> >off the filename won't be enough.
>
> Gee John, maybe it's time to write a full fledged virus scanner. How about
> uzipping the attachment and looking at it that way. May be a bit resource
> intensive, but that's why servers keep getting bigger. ;)
>
> >-----------------------------------------------------------------------
> > 67 days until the Slovakian Presidential Election
>
> HEHE
>
>
> _______________________________________________
> Esd-l mailing list
> Esd-l at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esd-l
>
More information about the esd-l
mailing list